monitoring-plugins-nrpe-4.0.3-3.5 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11099 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z monitoring-plugins-nrpe-4.0.3-3.5 on GA media These are all security issues fixed in the monitoring-plugins-nrpe-4.0.3-3.5 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11099 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11099 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2014-2913/ SUSE CVE CVE-2014-2913 page openSUSE Tumbleweed monitoring-plugins-nrpe-4.0.3-3.5 nrpe-4.0.3-3.5 nrpe-doc-4.0.3-3.5 monitoring-plugins-nrpe-4.0.3-3.5 as a component of openSUSE Tumbleweed nrpe-4.0.3-3.5 as a component of openSUSE Tumbleweed nrpe-doc-4.0.3-3.5 as a component of openSUSE Tumbleweed ** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments. CVE-2014-2913 openSUSE Tumbleweed:monitoring-plugins-nrpe-4.0.3-3.5 openSUSE Tumbleweed:nrpe-4.0.3-3.5 openSUSE Tumbleweed:nrpe-doc-4.0.3-3.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-2913.html CVE-2014-2913 https://bugzilla.suse.com/874743 SUSE Bug 874743