Mandriva Linux Security Advisory 2012-049 - Cross-site scripting vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. The updated packages have been patched to correct this issue.
f89dda035b10b7cb0cea37643164ca192f767b587a8cd37c87951f667973bff8-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:049
http://www.mandriva.com/security/
_______________________________________________________________________
Package : nagios
Date : April 2, 2012
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in nagios:
Cross-site scripting (XSS) vulnerability in statusmap.c in
statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers
to inject arbitrary web script or HTML via the layer parameter
(CVE-2011-1523).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1523
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
059a6231a27f937cfa57b57aa79a630d mes5/i586/nagios-3.1.2-0.3mdvmes5.2.i586.rpm
5ea3868c9be08f8765c2f97157203026 mes5/i586/nagios-devel-3.1.2-0.3mdvmes5.2.i586.rpm
4b35173acef9ee6863c5f02d63ffa7fe mes5/i586/nagios-theme-default-3.1.2-0.3mdvmes5.2.i586.rpm
7bd8eaade4d3dba2e07457b9515ab710 mes5/i586/nagios-www-3.1.2-0.3mdvmes5.2.i586.rpm
0053e07519244b41c51dae08cafccebf mes5/SRPMS/nagios-3.1.2-0.3mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
b68e9b999f0aacdb99e6ce85a1b670cd mes5/x86_64/nagios-3.1.2-0.3mdvmes5.2.x86_64.rpm
4d1c36401b054919973893f3fae7d366 mes5/x86_64/nagios-devel-3.1.2-0.3mdvmes5.2.x86_64.rpm
1acfd0ecece2a841b1f68783e734d2ac mes5/x86_64/nagios-theme-default-3.1.2-0.3mdvmes5.2.x86_64.rpm
e1bd24938b0b2dd7f5fb9f72bf50ca61 mes5/x86_64/nagios-www-3.1.2-0.3mdvmes5.2.x86_64.rpm
0053e07519244b41c51dae08cafccebf mes5/SRPMS/nagios-3.1.2-0.3mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPeZuzmqjQ0CJFipgRAlL0AKDTKQqhXBEzJhsawP5hmcZ76xqpGQCgvVFL
e0TOzup0G+UYm5DCWfpPBAA=
=hX9s
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed