-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 22 May 2026 21:00:00 +1000 Source: nagios4 Binary: nagios4 nagios4-cgi nagios4-cgi-dbgsym nagios4-core nagios4-core-dbgsym Architecture: s390x Version: 4.4.6-4+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: s390x Build Daemon (zandonai) Changed-By: Russell Stuart Description: nagios4 - host/service/network monitoring and management system nagios4-cgi - cgi files for nagios4 nagios4-core - host/service/network monitoring and management system core files Closes: 1136340 Changes: nagios4 (4.4.6-4+deb12u1) bookworm-security; urgency=high . * CSRF Security Fix backported from upstream 4.5.12 commit e5ed38e53a5d65721520c7c67be0746d63da28cb (cgi/cmd.c and html/index.php.in). See https://www.nagios.com/security-disclosures/nagios-core/4-5-12/ for the upstream disclosure. No CVE assigned. Closes: #1136340. * This can break third party integrations that POST to cmd.cgi without first setting NagFormId (the CSRF check fails). Upstream PR 1055 has been added as a workaround - see README.Debian. Checksums-Sha1: b7f99fae26133dc77ba28cfeac2c39208012c0dd 5580892 nagios4-cgi-dbgsym_4.4.6-4+deb12u1_s390x.deb 93dd4f7b5e92b24e0c701eaf4228e8e2496e2f2d 1218484 nagios4-cgi_4.4.6-4+deb12u1_s390x.deb 1a8b0b7153157b22107d1cd0c42aa8d7b02e0e53 750352 nagios4-core-dbgsym_4.4.6-4+deb12u1_s390x.deb 7c904f077590b24438dee4528223d1e26b7ba053 219736 nagios4-core_4.4.6-4+deb12u1_s390x.deb da820e94ca15a7a7dee59fc66f3c2652e9236379 10439 nagios4_4.4.6-4+deb12u1_s390x-buildd.buildinfo 736923ac53a03dd659765f069cb1a8a509dc0f7e 16296 nagios4_4.4.6-4+deb12u1_s390x.deb Checksums-Sha256: ad62bf37f409e30c349f952604edbffd79540f1ee1d5cd4cf5735bd713ff5e05 5580892 nagios4-cgi-dbgsym_4.4.6-4+deb12u1_s390x.deb d5d1458857070380c2be6d55824eff1eae230926849ec086f5216703e8c043f6 1218484 nagios4-cgi_4.4.6-4+deb12u1_s390x.deb bb0606a70d925d6c1e6b841d904db9c7725c0c536dc582095e073163541188b3 750352 nagios4-core-dbgsym_4.4.6-4+deb12u1_s390x.deb 4927786523338ed4cb4a6ad4496439c83294751fd88607a2cb8c468d00104f1b 219736 nagios4-core_4.4.6-4+deb12u1_s390x.deb 1cfbf268212bcd0b81054cdadc1894b1cbd1643d28cd1fec09b7491d93d68615 10439 nagios4_4.4.6-4+deb12u1_s390x-buildd.buildinfo e0f40905b8d517d440e029d42598535113a05c50791a1e14e31ae109e3361b1e 16296 nagios4_4.4.6-4+deb12u1_s390x.deb Files: 69d382dd4d558e2f71325b33d0d96e32 5580892 debug optional nagios4-cgi-dbgsym_4.4.6-4+deb12u1_s390x.deb 9ee6abd43f6f71132791fb8ca9ed205f 1218484 net optional nagios4-cgi_4.4.6-4+deb12u1_s390x.deb 0d0402cceac131113898da77f0930e9b 750352 debug optional nagios4-core-dbgsym_4.4.6-4+deb12u1_s390x.deb 1b9d8aaa0f9ad5472b25f907d14f8ce0 219736 net optional nagios4-core_4.4.6-4+deb12u1_s390x.deb 405940ffb399f462519c5f117ea243f7 10439 net optional nagios4_4.4.6-4+deb12u1_s390x-buildd.buildinfo 9bd9d101c73869797a786d53e9e7230a 16296 net optional nagios4_4.4.6-4+deb12u1_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEENly2ANlpa4eeqnluvVOPI7pYNpgFAmoWCfwACgkQvVOPI7pY NpjDMw//fL4006r9yuy9/nLABoE8DmPp+5asuwzWnfLMDGeNh5qtL2hdW6vGXPex 4o/fmHMLJJ8BYCmj8x93XqO/F1/DuAApJ1obvzUOezRc1SuQEl+BmxnIiqUg26zG FnHe1v06entlP8r5Z9QyTd+3cOwvDeutAXGV6FYK1+BbJAD/en6qnbUSzRwp1ALJ UMep07gsd7yDc7xjLHwJ8TCdZ00dc1tUU2iJSIYHmCqcNTysoF2pFAhTmfj2lobQ q6TVT2yB9ICeo90pl5vfdyaGf8DA+OqNI4hgeZnrYvvZL6vPo0zgkJvqQtHeGh9p UP825+JLs7pLfYbfKI0KlAB3phFqa/WC2ZNoWAGYMFHRKw30DkM97TALaVedY+V9 9FqVFfMhjCyOR8fTogFXHv8Fco4gIwq65m62jt0ko0cwY/UwfLD2dhePINXwUj1T aNQKuBJz7LesEsiNEt18XtnguUCmmkB7U1yj5X/6x1ViXNgFt011awtzV/DexcN9 ItbP7FcZ+NyATZlESOfprHZWz8yGYA01EcHGWw6nimUX5vHeA+guRIo9dKZ/JD04 SG6r6B/uFXMcjhKwVWMknpMQvR8mz+dZmQ0Y0krLsISM2bAzleO02mzjWnanVuHq Fi3z27PY7bZdw/2WdHDatZIEOQSDdHlPLWtaouvUte7/27weaNc= =9vCG -----END PGP SIGNATURE-----