drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Cross-Site Scripting in Nagios
Name: |
Cross-Site Scripting in Nagios |
|
ID: |
MDVSA-2012:049 |
|
Distribution: |
Mandriva |
|
Plattformen: |
Mandriva Enterprise Server 5.0 |
|
Datum: |
Di, 3. April 2012, 08:09 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1523 |
|
Applikationen: |
Nagios |
|
Originalnachricht |
This is a multi-part message in MIME format...
------------=_1333381148-2905-121
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:049 http://www.mandriva.com/security/ _______________________________________________________________________
Package : nagios Date : April 2, 2012 Affected: Enterprise Server 5.0 _______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in nagios: Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter (CVE-2011-1523). The updated packages have been patched to correct this issue. _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1523 _______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5: 059a6231a27f937cfa57b57aa79a630d mes5/i586/nagios-3.1.2-0.3mdvmes5.2.i586.rpm 5ea3868c9be08f8765c2f97157203026 mes5/i586/nagios-devel-3.1.2-0.3mdvmes5.2.i586.rpm 4b35173acef9ee6863c5f02d63ffa7fe mes5/i586/nagios-theme-default-3.1.2-0.3mdvmes5.2.i586.rpm 7bd8eaade4d3dba2e07457b9515ab710 mes5/i586/nagios-www-3.1.2-0.3mdvmes5.2.i586.rpm 0053e07519244b41c51dae08cafccebf mes5/SRPMS/nagios-3.1.2-0.3mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: b68e9b999f0aacdb99e6ce85a1b670cd mes5/x86_64/nagios-3.1.2-0.3mdvmes5.2.x86_64.rpm 4d1c36401b054919973893f3fae7d366 mes5/x86_64/nagios-devel-3.1.2-0.3mdvmes5.2.x86_64.rpm 1acfd0ecece2a841b1f68783e734d2ac mes5/x86_64/nagios-theme-default-3.1.2-0.3mdvmes5.2.x86_64.rpm e1bd24938b0b2dd7f5fb9f72bf50ca61 mes5/x86_64/nagios-www-3.1.2-0.3mdvmes5.2.x86_64.rpm 0053e07519244b41c51dae08cafccebf mes5/SRPMS/nagios-3.1.2-0.3mdvmes5.2.src.rpm _______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com _______________________________________________________________________
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPeZuzmqjQ0CJFipgRAlL0AKDTKQqhXBEzJhsawP5hmcZ76xqpGQCgvVFL e0TOzup0G+UYm5DCWfpPBAA= =hX9s -----END PGP SIGNATURE-----
------------=_1333381148-2905-121 Content-Type: text/plain; charset="UTF-8"; name="message-footer.txt" Content-Disposition: inline; filename="message-footer.txt" Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________
------------=_1333381148-2905-121--
|
|
|
|