-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 22 May 2026 21:00:00 +1000 Source: nagios4 Binary: nagios4 nagios4-cgi nagios4-cgi-dbgsym nagios4-core nagios4-core-dbgsym Architecture: ppc64el Version: 4.4.6-4+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-osuosl-02) Changed-By: Russell Stuart Description: nagios4 - host/service/network monitoring and management system nagios4-cgi - cgi files for nagios4 nagios4-core - host/service/network monitoring and management system core files Closes: 1136340 Changes: nagios4 (4.4.6-4+deb12u1) bookworm-security; urgency=high . * CSRF Security Fix backported from upstream 4.5.12 commit e5ed38e53a5d65721520c7c67be0746d63da28cb (cgi/cmd.c and html/index.php.in). See https://www.nagios.com/security-disclosures/nagios-core/4-5-12/ for the upstream disclosure. No CVE assigned. Closes: #1136340. * This can break third party integrations that POST to cmd.cgi without first setting NagFormId (the CSRF check fails). Upstream PR 1055 has been added as a workaround - see README.Debian. Checksums-Sha1: bd46f2988451c2c990f54c95fae003fde5a23b4b 6102624 nagios4-cgi-dbgsym_4.4.6-4+deb12u1_ppc64el.deb 1fc927f2961e06fa5a71303755e5095410a3fbd7 1344112 nagios4-cgi_4.4.6-4+deb12u1_ppc64el.deb 03f1febfbb71416ab210d67575a183f33941554e 787836 nagios4-core-dbgsym_4.4.6-4+deb12u1_ppc64el.deb 105f66dcb442ac9b235b913442f66e4f6cb0452c 272744 nagios4-core_4.4.6-4+deb12u1_ppc64el.deb b35b04e21e79adb496ada8216c4b9c85de0c4480 10677 nagios4_4.4.6-4+deb12u1_ppc64el-buildd.buildinfo aee7e91ead5270d872e974f8743b2401e47d6b73 16300 nagios4_4.4.6-4+deb12u1_ppc64el.deb Checksums-Sha256: 881dc57d0d689f547d289f3731515f74b3617764c565bc10affb67d1afd21a79 6102624 nagios4-cgi-dbgsym_4.4.6-4+deb12u1_ppc64el.deb fee51c3d3b91b5181f5cf806b34544809c4a2adccf40ac9c35cfc6670b060d28 1344112 nagios4-cgi_4.4.6-4+deb12u1_ppc64el.deb ed0a6da8ebb0d22991238e1af5ed3195b49916a312e1cfc40008187b8e1f17d3 787836 nagios4-core-dbgsym_4.4.6-4+deb12u1_ppc64el.deb b0b8e8d805bdd7c7f69f18eb03485fcef9b1e241d2c7b6a9a56fd1079acdcd64 272744 nagios4-core_4.4.6-4+deb12u1_ppc64el.deb 5c386ec6e1361ea4afb6c688771760aa2a845380e140398c684611e34b9c70cf 10677 nagios4_4.4.6-4+deb12u1_ppc64el-buildd.buildinfo 300c15d22dc9fe91adcf30daca57d8445aff037fadb5df6764ff9b6ce7cb7e30 16300 nagios4_4.4.6-4+deb12u1_ppc64el.deb Files: 93ebfd1ffc3fd0ecdad3e875681ed94c 6102624 debug optional nagios4-cgi-dbgsym_4.4.6-4+deb12u1_ppc64el.deb 7dadbd09758ad34f603d49dfb81de088 1344112 net optional nagios4-cgi_4.4.6-4+deb12u1_ppc64el.deb 7f4e052ae85217af1b08075f992ec748 787836 debug optional nagios4-core-dbgsym_4.4.6-4+deb12u1_ppc64el.deb 47e6fa0feb505665e0a81395de678615 272744 net optional nagios4-core_4.4.6-4+deb12u1_ppc64el.deb 0ffdf3dcd2e5439b09e54889a79cb25d 10677 net optional nagios4_4.4.6-4+deb12u1_ppc64el-buildd.buildinfo 6e23c93615e6356351dc9649bdaa94b0 16300 net optional nagios4_4.4.6-4+deb12u1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE9ibmwdV9gdKNbK7oV8ucRsMTpuMFAmoWCZsACgkQV8ucRsMT puNtIg/+N25nXm1EYIqQL0QvL//kILExQGwdGqEKF98Sxjs7MYN9Hnro0F8w9lVr 104QDV0rc0zDYGhdvefAW9d1Zgvhhx0Z4IV3yudte/bfE2de4h9CBqkrR9SYSZUJ /kVuzNlkfwYqHZljRtvsAUhUQthRRZATGfmnCeaRr8mv78UQhI95R0z+Q9lUgm+X yiCFeYDs/ktJZb24LF2xPEu63P/Ejn+CJDsSbAB2HalrSRkQJaTii7kvGZu1Yj77 MuntegR+w+o+6VFrkN2JDWSJC/b/JIOVKfyJfrI/Aiv08oW6jGWSLNAyUkuPRAbH JnkyYMGWW3y7ovLv3hmqat3oA81oW1cYSHtkm4u/Eyc6s7Iv3QeXMq7ZZMkgJkkv 3nFpJxrEwU/eQ2gTjig20J3dREAm+xazDR0syBjah8b6cXLJQK3TiDmqjjaUOU+8 uWTn9N01FgBbcsIuZUz3VJ5Gr8oK59olgQ1Kv/OIS/mPYafU5SkaBGyanftS/a5K 35jeGJM8G0CzAQ/w868kad4SOwN4ZTX+3VCTwO8FVYnSzHKM0RXioYIJEps7IxoO T0+cO/K80RyqQWyPH4531FoNucb515/ttekmXc36QPenKt6Jhs9bkUMB5oGk+5nM SoChpD9nu82XIv+PQQRwzND9bOOK55eVVBJrM+p4hj+Juc103a4= =3jTt -----END PGP SIGNATURE-----