[ MDVSA-2008:067 ] - Updated nagios packages fix multiple vu

[dude67]

Updated nagios packages fix multiple vulnerabilities

A number of vulnerabities were found in Nagios and Nagios Plugins
that are corrected with the latest version of both, as provided in
this update, including:

A buffer overflow in the redir function in the check_http plugin
allowed remote web servers to execute arbitrary code via long Location
header responses (CVE-2007-5198).

A buffer overflow in the check_snmp plugin allowed remote attackers to
cause a denial of service via crafted snmpget replies (CVE-2007-5623).

Cross-site scripting vulnerabilities in Nagios allowed remote
attackers to inject arbitrary web script or HTML via unknown vectors
to unspecified CGI scripts (CVE-2007-5624, CVE-2008-1360).

The updated packages provide Nagios 3.0 and Nagios Plugins 1.4.11
which are not vulnerable to these issues, and provide a number of
other enhancements and bug fixes. In addition, the packaging has been
optimized to reduce the number of extra dependencies that would have
to be installed; as a result you may have to install extra plugins
independantly that were once part of the full nagios-plugins package.