-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:049 http://www.mandriva.com/security/ _______________________________________________________________________ Package : nagios Date : April 2, 2012 Affected: Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in nagios: Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter (CVE-2011-1523). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1523 _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 059a6231a27f937cfa57b57aa79a630d mes5/i586/nagios-3.1.2-0.3mdvmes5.2.i586.rpm 5ea3868c9be08f8765c2f97157203026 mes5/i586/nagios-devel-3.1.2-0.3mdvmes5.2.i586.rpm 4b35173acef9ee6863c5f02d63ffa7fe mes5/i586/nagios-theme-default-3.1.2-0.3mdvmes5.2.i586.rpm 7bd8eaade4d3dba2e07457b9515ab710 mes5/i586/nagios-www-3.1.2-0.3mdvmes5.2.i586.rpm 0053e07519244b41c51dae08cafccebf mes5/SRPMS/nagios-3.1.2-0.3mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: b68e9b999f0aacdb99e6ce85a1b670cd mes5/x86_64/nagios-3.1.2-0.3mdvmes5.2.x86_64.rpm 4d1c36401b054919973893f3fae7d366 mes5/x86_64/nagios-devel-3.1.2-0.3mdvmes5.2.x86_64.rpm 1acfd0ecece2a841b1f68783e734d2ac mes5/x86_64/nagios-theme-default-3.1.2-0.3mdvmes5.2.x86_64.rpm e1bd24938b0b2dd7f5fb9f72bf50ca61 mes5/x86_64/nagios-www-3.1.2-0.3mdvmes5.2.x86_64.rpm 0053e07519244b41c51dae08cafccebf mes5/SRPMS/nagios-3.1.2-0.3mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFPeZuzmqjQ0CJFipgRAlL0AKDTKQqhXBEzJhsawP5hmcZ76xqpGQCgvVFL e0TOzup0G+UYm5DCWfpPBAA= =hX9s -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/