16990 SEC NagVis: Updated to 1.9.42 (fix security issues)

NagVis has been updated to version 1.9.42. This update fixes the following security issues: - Fix various XSS issues (CVSS score: 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) - Fix potential RCE - Fix insecure password hashing algorithm for dedicated NagVis users (CVSS score 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) - Fix leak of installation path in error messages - Fix Make cookie hash comparison timing safe Change-Id: I06f2bd7a955968a0c07d799d9b2aef5624cf32ff
luigidacunto · Jul 15, 2024 · 3b78272 · 3b78272
1 parent 0bb38b2
commit 3b78272
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 1 deletion.
diff --git a/.werks/16990.md b/.werks/16990.md
@@ -0,0 +1,22 @@
+[//]: # (werk v2)
+# NagVis: Updated to 1.9.42 (fix security issues)
+
+key | value
+---------- | ---
+date | 2024-07-10T11:06:29+00:00
+version | 2.3.0p10
+class | security
+edition | cre
+component | packages
+level | 1
+compatible | yes
+
+NagVis has been updated to version 1.9.42.
+
+This update fixes the following security issues:
+- Fix various XSS issues (CVSS score: 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
+- Fix potential RCE
+- Fix insecure password hashing algorithm for dedicated NagVis users (CVSS score 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
+- Fix leak of installation path in error messages
+- Fix Make cookie hash comparison timing safe
+
diff --git a/omd/packages/nagvis/nagvis-1.9.41.tar.gz b/omd/packages/nagvis/nagvis-1.9.41.tar.gz
diff --git a/omd/packages/nagvis/nagvis-1.9.42.tar.gz b/omd/packages/nagvis/nagvis-1.9.42.tar.gz
diff --git a/omd/packages/nagvis/nagvis.make b/omd/packages/nagvis/nagvis.make
@@ -1,5 +1,5 @@
 NAGVIS := nagvis
-NAGVIS_VERS := 1.9.41
+NAGVIS_VERS := 1.9.42
 NAGVIS_DIR := $(NAGVIS)-$(NAGVIS_VERS)
 
 NAGVIS_PATCHING := $(BUILD_HELPER_DIR)/$(NAGVIS_DIR)-patching