ALAS-2013-203


Amazon Linux AMI Security Advisory: ALAS-2013-203
Advisory Release Date: 2014-09-15 23:31 Pacific
Severity: Important
References: CVE-2013-1362 

Issue Overview:

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.


Affected Packages:

nrpe


Issue Correction:
Run yum update nrpe to update your system.

New Packages:
i686:
    nagios-plugins-nrpe-2.14-3.5.amzn1.i686
    nrpe-2.14-3.5.amzn1.i686
    nrpe-debuginfo-2.14-3.5.amzn1.i686

src:
    nrpe-2.14-3.5.amzn1.src

x86_64:
    nagios-plugins-nrpe-2.14-3.5.amzn1.x86_64
    nrpe-2.14-3.5.amzn1.x86_64
    nrpe-debuginfo-2.14-3.5.amzn1.x86_64