-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 22 May 2026 21:00:00 +1000 Source: nagios4 Binary: nagios4 nagios4-cgi nagios4-cgi-dbgsym nagios4-core nagios4-core-dbgsym Architecture: amd64 Version: 4.4.6-4+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Russell Stuart Description: nagios4 - host/service/network monitoring and management system nagios4-cgi - cgi files for nagios4 nagios4-core - host/service/network monitoring and management system core files Closes: 1136340 Changes: nagios4 (4.4.6-4+deb12u1) bookworm-security; urgency=high . * CSRF Security Fix backported from upstream 4.5.12 commit e5ed38e53a5d65721520c7c67be0746d63da28cb (cgi/cmd.c and html/index.php.in). See https://www.nagios.com/security-disclosures/nagios-core/4-5-12/ for the upstream disclosure. No CVE assigned. Closes: #1136340. * This can break third party integrations that POST to cmd.cgi without first setting NagFormId (the CSRF check fails). Upstream PR 1055 has been added as a workaround - see README.Debian. Checksums-Sha1: f2dc5484f917d7bd581cf4a6194f3fa23e2df361 5732648 nagios4-cgi-dbgsym_4.4.6-4+deb12u1_amd64.deb cf204f74d5fcc0131ca417abae595cf6fa3d961b 1327720 nagios4-cgi_4.4.6-4+deb12u1_amd64.deb 8972f6c71c5d9187396932342edc80abdea8d4f5 756132 nagios4-core-dbgsym_4.4.6-4+deb12u1_amd64.deb 7a512a000f5b34aeaa9c4564028bd162b0fa8e35 250272 nagios4-core_4.4.6-4+deb12u1_amd64.deb 5767790759a1ea9568a397d1bdc7090c5312008d 10647 nagios4_4.4.6-4+deb12u1_amd64-buildd.buildinfo c906211a1c61475106e7e08dd64837e8b1514ad4 16296 nagios4_4.4.6-4+deb12u1_amd64.deb Checksums-Sha256: 3318a246efe69bdd87048a6e1abdb3458a48a02993a94efdccdaa3b0b97a9e91 5732648 nagios4-cgi-dbgsym_4.4.6-4+deb12u1_amd64.deb 1416f274b3a36eb844a24712b08f5cad900d16dededaa6157f7cddf3e131a709 1327720 nagios4-cgi_4.4.6-4+deb12u1_amd64.deb fd26d3ac1726add32ac525a8406f389ee55fe9b835f4762eaa7ba6d019c2f6f8 756132 nagios4-core-dbgsym_4.4.6-4+deb12u1_amd64.deb 7856ce10707367e72ea2ed79d3417858d656b88d16d77962d6ee7d2f1db13e02 250272 nagios4-core_4.4.6-4+deb12u1_amd64.deb 1d143873144d37932b49f45397cbe31f96711b32cbf79bf78a8c9201fc714cc9 10647 nagios4_4.4.6-4+deb12u1_amd64-buildd.buildinfo 9ae661227f16820d1079fda8311bb49f1431f2f25797bad70f20c45736bcdb5d 16296 nagios4_4.4.6-4+deb12u1_amd64.deb Files: f8d92d692717505216fbbc2441be1cbb 5732648 debug optional nagios4-cgi-dbgsym_4.4.6-4+deb12u1_amd64.deb ff980cc3c28b0ee9d5ddc0a4e858714e 1327720 net optional nagios4-cgi_4.4.6-4+deb12u1_amd64.deb 651bf324a82bad0ea52611e58400e5d4 756132 debug optional nagios4-core-dbgsym_4.4.6-4+deb12u1_amd64.deb c88fb82cc8ac5846c18e6e42526b8893 250272 net optional nagios4-core_4.4.6-4+deb12u1_amd64.deb b2a6cb387717d7e94ceef7f9ff4f80fa 10647 net optional nagios4_4.4.6-4+deb12u1_amd64-buildd.buildinfo 8c51c27e839e341be7398b93f79f5b32 16296 net optional nagios4_4.4.6-4+deb12u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEmtr4KUMaso2EQ6NrTwt/65ON6zcFAmoWCasACgkQTwt/65ON 6zf3yg//W2OKCMCfuJpibt2xhmbBrBBIXPoa/DSTC8blwRxDLlPRSneyHjxDrP7I sEs82C9jsabH/c/gFNRH90fJ6M31i2+CdlKT+UW1k9Cin30Kyb0/WGQuUptBQLAT szSK1+8cFe/lmf/Hs6W4HwvnEI/r7A4SV3DI6vQPS9OC026GZ5JZqjTdEWnCXXM5 TENtJd85U2IwSnm1kSGt9QGQuCEeTAdF1W1jgd2RUlk25KnvJji1mopvsQSg6MR3 X6FOggbFJL+gqn+i1rnS9JsLi+l1eFVtVccaR9iWVDO5xT6jx0tmWbzfZt/LN2OP KGKqiopmUkWNFjUxTwoSlWZe4JJx2P22VB68SRsqIl7QPCSc9tI8LmHxUPit438D WkANUipxMevRA8S/TDFEwocA7ZxqdW84yCgZS1/L6AoYt1OdMMsjr1mKvS4UQAk4 MPcdyZ6CgE6dBQMrh23IsK632YIl8KjKlBTs4IShoiHg6pWX3Cn926ABXBgQc3UP eiQ85/0po/ICC7d0ts6S6JsEZ5IWZRiPoXmFOXyWFrThhD2wGk0gp7VD9WJJ6pAq bppB3q3LSP9IsuQeImzA3fs9/RgqAoHp3VFWxbz8bpCRvH1DX3cTNKQlndk0fu5l YYBWAgwaFoJWMrPnACUvS8KeezatRmccQ7UFRAmywMTWwySY2fg= =bxMx -----END PGP SIGNATURE-----