-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 22 May 2026 21:00:00 +1000 Source: nagios4 Binary: nagios4 nagios4-cgi nagios4-cgi-dbgsym nagios4-core nagios4-core-dbgsym Architecture: arm64 Version: 4.4.6-4+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: arm64 Build Daemon (arm-ubc-05) Changed-By: Russell Stuart Description: nagios4 - host/service/network monitoring and management system nagios4-cgi - cgi files for nagios4 nagios4-core - host/service/network monitoring and management system core files Closes: 1136340 Changes: nagios4 (4.4.6-4+deb12u1) bookworm-security; urgency=high . * CSRF Security Fix backported from upstream 4.5.12 commit e5ed38e53a5d65721520c7c67be0746d63da28cb (cgi/cmd.c and html/index.php.in). See https://www.nagios.com/security-disclosures/nagios-core/4-5-12/ for the upstream disclosure. No CVE assigned. Closes: #1136340. * This can break third party integrations that POST to cmd.cgi without first setting NagFormId (the CSRF check fails). Upstream PR 1055 has been added as a workaround - see README.Debian. Checksums-Sha1: 4af389ecadd12eb4f7272ce887f48254a5809ff6 5730424 nagios4-cgi-dbgsym_4.4.6-4+deb12u1_arm64.deb 61e509369f34550b3dae406c2cf3030a15008cb9 1266912 nagios4-cgi_4.4.6-4+deb12u1_arm64.deb a65de9e0122723de802ec1f105b2ec4ceaea61cf 762872 nagios4-core-dbgsym_4.4.6-4+deb12u1_arm64.deb f0b579c585963a07ecb73e9b75ef6db8202fd7f7 231612 nagios4-core_4.4.6-4+deb12u1_arm64.deb f309784aaa3b996c9b85a70133ec97c7c6815729 10662 nagios4_4.4.6-4+deb12u1_arm64-buildd.buildinfo de07ac575797da7f66368accbd422e463e1bfb08 16296 nagios4_4.4.6-4+deb12u1_arm64.deb Checksums-Sha256: 1f4cddca444de1af802b1a8f9d288327d1a75ee8a88c532e2bb90be90711b4ed 5730424 nagios4-cgi-dbgsym_4.4.6-4+deb12u1_arm64.deb 1b06b4e71da7d91d6b8e6b3fd4c963483f1bcfdba8dd4e2ab758155bc713742e 1266912 nagios4-cgi_4.4.6-4+deb12u1_arm64.deb 0a6c1d1a06ba216db79399d6829289bcb098565bbb3a640a304bf545abf64d43 762872 nagios4-core-dbgsym_4.4.6-4+deb12u1_arm64.deb 6aa67c095aa5070c21d3fa0ed747c9535f944d95d0b949d66d9381cc8e48498d 231612 nagios4-core_4.4.6-4+deb12u1_arm64.deb 2cddfc9449d8a6a515f0dfc7b7f0c6d0099aa4efa8da78334f985cdbc1db08ee 10662 nagios4_4.4.6-4+deb12u1_arm64-buildd.buildinfo dbe12b072d5d40e7db2271b3aa9b7b252a5213628da491b87bad0ff299c846c7 16296 nagios4_4.4.6-4+deb12u1_arm64.deb Files: 570eafdf549b89522d848066fef640da 5730424 debug optional nagios4-cgi-dbgsym_4.4.6-4+deb12u1_arm64.deb 5f8eb13abba2ec5d1c92b91293927c58 1266912 net optional nagios4-cgi_4.4.6-4+deb12u1_arm64.deb 12877ed2e936bd5112fc3329cd716918 762872 debug optional nagios4-core-dbgsym_4.4.6-4+deb12u1_arm64.deb d8ae3daebfd2e5f4c949d39925777d1f 231612 net optional nagios4-core_4.4.6-4+deb12u1_arm64.deb 5eb5bf8806523818c41c861cb3eff945 10662 net optional nagios4_4.4.6-4+deb12u1_arm64-buildd.buildinfo 7374b354b71771585ddbf57c39048dcd 16296 net optional nagios4_4.4.6-4+deb12u1_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7rv+l3KtZdQea77lnwznazfjXToFAmoWCawACgkQnwznazfj XTqqghAArCi6pexX52fuUOJhuvy4G10yX8+8NiBeF0T2OVHIF3KmCDMiEk9I/Pat u3p1fYkFoNjomzgjHx3/TiJke54hBvczKs9f1R1BJ9WStRTYpRpGZIwXtuGV3pWl HyJ52j82mJyjx1WY8+OtMT6tQTBeB9YOT7OEHePZRVdwqmD9s3/0fJ/s+JSBjech B76x3W0kJR25pSUpo8x7xGFehNFN+xXDMAkoxlX6JM9V7cTazztsz7sXEk2FEhTK UlCaCNF3seL2UGTCPOTE/4p6LJh+rpPu55az8UC23BVsZLZgKNykJUvfmTtcFv2T T/6VA8xt5RKRsyMrroVD4OZnChX4m91+U4L1fBG4gqJusYiEsm7uyTw4alxGooW5 FFH7lVIPdH0eIX6YHeItSX1WowtKowo/BA2ci9z5n8eEmu3/bbS+KwpePvbk8vIz V7d8K36kfzgkvweMRXvTA0NqZCioTVjceOWQq1tDF88/XcL8qSfKk2iWTubvVqn8 oC5KN/VgKHw3Fox4G6z5/IXBT1hyi49AQez4CtQemJl77GE4vUcunKTUqDy/d4SP bmMcw8wZUBUWWPoHkpJ0wOIKn/e9crpaBzJWhdsvZut9UokrvzO8EiX2odY/d+m7 WqHn5V3B/wc85ZQLTIurUm4VyNFE6a8zkwkIUrKwGP3TajZRhKY= =+3VJ -----END PGP SIGNATURE-----