-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 22 May 2026 20:45:00 +1000 Source: nagios4 Binary: nagios4 nagios4-cgi nagios4-cgi-dbgsym nagios4-core nagios4-core-dbgsym Architecture: amd64 Version: 4.4.6-4.1+deb13u1 Distribution: trixie-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) Changed-By: Russell Stuart Description: nagios4 - host/service/network monitoring and management system nagios4-cgi - cgi files for nagios4 nagios4-core - host/service/network monitoring and management system core files Closes: 1136340 Changes: nagios4 (4.4.6-4.1+deb13u1) trixie-security; urgency=high . * CSRF Security Fix backported from upstream 4.5.12 commit e5ed38e53a5d65721520c7c67be0746d63da28cb (cgi/cmd.c and html/index.php.in). See https://www.nagios.com/security-disclosures/nagios-core/4-5-12/ for the upstream disclosure. No CVE assigned. Closes: #1136340. * This can break third party integrations that POST to cmd.cgi without first setting NagFormId (the CSRF check fails). Upstream PR 1055 has been added as a workaround - see README.Debian. Checksums-Sha1: 13fad4be5a61748e5fc0619c20ded5bbbb293a97 5652024 nagios4-cgi-dbgsym_4.4.6-4.1+deb13u1_amd64.deb 89ade7db4cdb9ce3e2a742a48693bff049609ab8 1332456 nagios4-cgi_4.4.6-4.1+deb13u1_amd64.deb 92e8edc1f7f90fe11257427c2606f95d1a107d75 737908 nagios4-core-dbgsym_4.4.6-4.1+deb13u1_amd64.deb b90169985a904647b7a4db398c483f4999cc1b04 251140 nagios4-core_4.4.6-4.1+deb13u1_amd64.deb dea58454974cdcd9623d8a9856065f3c684ee2ca 10198 nagios4_4.4.6-4.1+deb13u1_amd64-buildd.buildinfo 085c17a7e55a10405ec71d2934498e38eb94c9c0 16412 nagios4_4.4.6-4.1+deb13u1_amd64.deb Checksums-Sha256: 4ef5bb3a8da9a23ed7fa24f535d860053f9ecaa0926b5be41407322c5b1d9fae 5652024 nagios4-cgi-dbgsym_4.4.6-4.1+deb13u1_amd64.deb 626ecf3228b54bc99e39b408856d6b72c71105a1316723e50fdac45840375d80 1332456 nagios4-cgi_4.4.6-4.1+deb13u1_amd64.deb 318a3e3f7a0821b2e657ed3469215deeb0a22530c355ede9124fc4393ef8846c 737908 nagios4-core-dbgsym_4.4.6-4.1+deb13u1_amd64.deb 46614c355ac81f06f28668e73d9421e5c134f4d183c8193f97c464b4b1a21704 251140 nagios4-core_4.4.6-4.1+deb13u1_amd64.deb 272b68d0da622ecaf6f1def88465a6bafe9af83b87071747f80d3e1cd1b2c3b4 10198 nagios4_4.4.6-4.1+deb13u1_amd64-buildd.buildinfo 6f3c688b5e479a0acce311cd9eda38d628e192b0d2edfbb40d704c2f540f9a20 16412 nagios4_4.4.6-4.1+deb13u1_amd64.deb Files: d54337d4aab3f54faaad35928290db22 5652024 debug optional nagios4-cgi-dbgsym_4.4.6-4.1+deb13u1_amd64.deb 6a588ff322103c853539d12a23412ceb 1332456 net optional nagios4-cgi_4.4.6-4.1+deb13u1_amd64.deb 1c1a65c905ee0ec69d0966a44c39ba8c 737908 debug optional nagios4-core-dbgsym_4.4.6-4.1+deb13u1_amd64.deb 9595a86fc3dda83a384add9894decbbe 251140 net optional nagios4-core_4.4.6-4.1+deb13u1_amd64.deb 1de503dbd27aeb426a7ead8a1046953c 10198 net optional nagios4_4.4.6-4.1+deb13u1_amd64-buildd.buildinfo cb30e1ea45658994996ab63764937345 16412 net optional nagios4_4.4.6-4.1+deb13u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5ZI1lXv5WjhHIVjsN8Ugyu9dQiQFAmoVZV8ACgkQN8Ugyu9d QiTfxBAAkArwHjaoxzhrQ9S7a8NSaQu3oRGctAuEshFunpzP5GEyhWGeNw9aN2ll bxSzszYaOotvP7QpLd9gjPQT0XQZy5BidxaWcAxH5zHoxCrlKKcVXVcN/YVhk3pw yB2XgoRmgsqs+rJLHsNRGW/BWOV3qfdSRWXGJKdpYKZpl7yLjtBgQqKOJKggb146 6aUCFr1uiMnW2h216SWbGUmU219yH2NnwP6orJ9iTRO+CcExayqBezR4lyY9IrK8 yosyr3FH1KGWy7DcEHPxSQWPIjRA8JSW9O9UmaNqxB1Pj3yHLPOyAlzlw+sGwPKc LXdn4UiTh+fLNUD13PY6+0YzmT17WSoq2eNkxjLxN5Qi2lH9vHtwvsNlS8n1zlkp FpmrLjc+Fb8+DAvD55ky56dYiewktAUVi1XsupHrBb8d9/jO/sqsCidO6AX+99ML neBalA0xUqlLgIf9B/FUUgltrFar/PMlctJ1gpG91clgVziyyNbzC6knV/G//Byn zkVKr3UMtxoTFCLTabG5IPochs9RnkCfllr2q2YUSTQfJY9oCOUHxx8cyfFF6mSs 52tXuB81j0GB7n4ouRLhe1W5NfIYm4wfCcrnPoVVc4VVK8WIBoveRz2ed1JlIaes eaOOipAdbAjFc+3Vn9ZsS2GUchkP/EzKKN4z6ZAejwAT3+LOxSk= =2D4C -----END PGP SIGNATURE-----