-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 22 May 2026 21:00:00 +1000 Source: nagios4 Binary: nagios4 nagios4-cgi nagios4-cgi-dbgsym nagios4-core nagios4-core-dbgsym Architecture: i386 Version: 4.4.6-4+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Russell Stuart Description: nagios4 - host/service/network monitoring and management system nagios4-cgi - cgi files for nagios4 nagios4-core - host/service/network monitoring and management system core files Closes: 1136340 Changes: nagios4 (4.4.6-4+deb12u1) bookworm-security; urgency=high . * CSRF Security Fix backported from upstream 4.5.12 commit e5ed38e53a5d65721520c7c67be0746d63da28cb (cgi/cmd.c and html/index.php.in). See https://www.nagios.com/security-disclosures/nagios-core/4-5-12/ for the upstream disclosure. No CVE assigned. Closes: #1136340. * This can break third party integrations that POST to cmd.cgi without first setting NagFormId (the CSRF check fails). Upstream PR 1055 has been added as a workaround - see README.Debian. Checksums-Sha1: a36b390e69e1eb23f37897024f30cc561dc9a6dd 4796284 nagios4-cgi-dbgsym_4.4.6-4+deb12u1_i386.deb 838670f1e90097906255d1cd1426808151ca4d9b 1331924 nagios4-cgi_4.4.6-4+deb12u1_i386.deb 42ab2dc8873bfc66cf3310e18413a2bc8fb0291b 640996 nagios4-core-dbgsym_4.4.6-4+deb12u1_i386.deb 4d4a0e7e2b354e20d3df905a55dc25352e231f15 263380 nagios4-core_4.4.6-4+deb12u1_i386.deb 8cc1a0e31d948a0556bd95deeef64cf30952416c 10545 nagios4_4.4.6-4+deb12u1_i386-buildd.buildinfo 24858a0d83c1198de04cda277e5868151be4e15d 16296 nagios4_4.4.6-4+deb12u1_i386.deb Checksums-Sha256: 53ed5d722acf9fc2bd9445f1309d64db72e367f46f2a6a145f7c9bc01dec0b58 4796284 nagios4-cgi-dbgsym_4.4.6-4+deb12u1_i386.deb 3aa1041b480098b644e29e5c54c926ac303ea17007cd45e14352aca72c4de3c2 1331924 nagios4-cgi_4.4.6-4+deb12u1_i386.deb 3748039ef841c83bc3be19be58445f160e60cd93f0deef20bbea9d12ec9b439f 640996 nagios4-core-dbgsym_4.4.6-4+deb12u1_i386.deb acf464d51ecf87d54d4afe77992377d71176485453358c6dc4e60e698b4e237a 263380 nagios4-core_4.4.6-4+deb12u1_i386.deb 988806bb6b3a779d4ff824306104e0162558843d26ae5c5c7e45e36fdbdca09b 10545 nagios4_4.4.6-4+deb12u1_i386-buildd.buildinfo e9bad56929b0d3c7ee9d4ef0d9269f9e8cb2455bb9384e8ffe168b30e5005078 16296 nagios4_4.4.6-4+deb12u1_i386.deb Files: 2ed54f9100a31e9ed4b5a76425e436f4 4796284 debug optional nagios4-cgi-dbgsym_4.4.6-4+deb12u1_i386.deb b16e06a1a443f3d46d0e75d10e17f428 1331924 net optional nagios4-cgi_4.4.6-4+deb12u1_i386.deb 813b7afb748a48cd4eb63c0c339e16b8 640996 debug optional nagios4-core-dbgsym_4.4.6-4+deb12u1_i386.deb 4cce7814088c866b01ae5b8de683eac0 263380 net optional nagios4-core_4.4.6-4+deb12u1_i386.deb 32ad0b61bf75f6f878a51eabc85413f3 10545 net optional nagios4_4.4.6-4+deb12u1_i386-buildd.buildinfo e8ca044185271dd50be7f762102196a0 16296 net optional nagios4_4.4.6-4+deb12u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEPAUaMA0H0rOy6qBWf2INRiCdaWIFAmoWCgoACgkQf2INRiCd aWKiFA//ep8S2mdnJnbvilioxPt07ylvg78SBpxX0ROS3G/Fi4HVYvp6amrndaUF Z10K4SO/dh+bFJPBCG0fyKnA1zeRfa8yntns8CAziQEBJMxP8XfsBNwzwtjJU/Ki HB0W4JOocI4OJE2dQ4SyWtjYMCIqX49Pk8bLxcoaT9UdnlW4cSQhevm4NDijdB+2 U8z8CDZUj7THX5XwE5vkI1Cr0vXKznp2yEOA9hegTnaNA7aTP7aj0YNV1+FZfymq IsM6X+yXmeg0UTI+IU1ldFuwauWPa6igHG6UNhoMSTtskGoHHLi0nqVs7jsgjPJp KHizPgtKHz3uEYWVbbPi5dxAYbDLbLY9rTLO4vXmCiipJjzSmYGK2exrLqGmnGLf 469/q9/FrFdtNYhIt/XT2QMtglJvGNTn5a5Qu2oK83E7b3s//LZqrziBjkCmamq4 nujPdb8Es0eL9SYw4AWhAWmSvjDCp3QOlzF17Y+E4xTt1D/9V1wz32fIoYgmXN8H uIS+UAMHUJJkdLHTGDeq4f/nPMoFwTEJQzR4tYVty56b++NpeYRy91fNTNNwcxBU nicrd77dGjoSsn8qb3WBBjoD8Bpmssvu8d6hsIJyYchsSjgctGabiap69OYK4HKj PEHYiYg71+BbpjHzb2PyNt5DuZ4uTpx/fE0mzZ7J6zahy1Vg3e8= =9D6L -----END PGP SIGNATURE-----