drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in Nagios
| Name: |
Zwei Probleme in Nagios |
|
| ID: |
USN-1151-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 |
|
| Datum: |
Mi, 15. Juni 2011, 22:35 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2179 |
|
| Applikationen: |
Nagios |
|
Originalnachricht |
--===============0210054078266957224==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature"; boundary="=-dXvStTZ/7bL3+87g+SVi"
--=-dXvStTZ/7bL3+87g+SVi
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-1151-1
June 15, 2011
nagios3 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
An attacker could modify or steal data if you were tricked into clicking on
a special link to Nagios.
Software Description:
- nagios3: A host/service/network monitoring and management system
Details:
Stefan Schurtz discovered than Nagios did not properly sanitize its input
when processing certain requests, resulting in cross-site scripting (XSS)
vulnerabilities. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a
remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
nagios3-cgi 3.2.3-1ubuntu1.2
Ubuntu 10.10:
nagios3-cgi 3.2.1-2ubuntu1.2
Ubuntu 10.04 LTS:
nagios3-cgi 3.2.0-4ubuntu2.2
After a standard system update you need to restart Nagios to make
all the necessary changes.
References:
CVE-2011-1523, CVE-2011-2179
Package Information:
https://launchpad.net/ubuntu/+source/nagios3/3.2.3-1ubuntu1.2
https://launchpad.net/ubuntu/+source/nagios3/3.2.1-2ubuntu1.2
https://launchpad.net/ubuntu/+source/nagios3/3.2.0-4ubuntu2.2
--ÝXvStTZ/7bL3+87g+SVi
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJN+Pr4AAoJEGVp2FWnRL6TsJUQAKk3WrDx3phzswdVN4Q5JAGS
SHNk15kzwrdRFu6wdh8grHjn2Me56TDTEXhxOAfV0nLw2Wp+yu0dlzazUo0ooae6
aRDXyjCpx3KOey/WDxaXK3JcHJBq8OXEiiRpWOS4tCZaUkquHbvYuvMInZ1LAuOx
KonTtTZ/qgwsQbQOY8a4S33BynzowWJg9LcTO0Zea3p5FdND40eRXKGOyDcisfcx
9xoTJDjPBl3WDAHEodHJdDWd7EEsEbT/KMbmfo2R71vuSs6DUzclj2kUy90QcNcc
NXBUokJNh5TMGw6stZ7AJi4Xeqv27NTrb3aogR5zSAqVch8qoouQU59L/s2Td+QK
cQJgwpq2vRTbJlmK2dIP378XhicvGs/dlzsS6qkkJ/n8VKb8DFAZSFY405CgxQPv
LdAFvxpFQnPlduTlgRBaAtlpuGoXxLZV+8DPk6qkJ3nsvZxTaOGc/73Pc9wJNzh7
7lQ+Ksxh5xqYyxUZL6Vz8+sMJaQG1TfIdvQl736YpkPELNi14C1E77M07Zgm7RUR
oxdqYjrzTY44AgezTDahrpmTyIK7cHIFdIpSgkXTvbtxwQfTfy4q5KwVN6okd0iS
LQRoei2v8np4inAYuwFR3GI1Z+0CSmbo1ood3kqIeNZfM6ML8ASDbUIkh3RJ5g+O
2iX9FahQQMt/HIAAucOE
=pqw2
-----END PGP SIGNATURE-----
--=-dXvStTZ/7bL3+87g+SVi--
--===============0210054078266957224==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0210054078266957224==--
|
|
|
|
