MDVSA-2012:049
- Package name
- nagios
- Date
- 2012-04-02
- Advisory ID
- MDVSA-2012:049
- Affected versions
- MES5 i586 , MES5 x86_64
Problem description
A vulnerability has been found and corrected in nagios:
Cross-site scripting (XSS) vulnerability in statusmap.c in
statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers
to inject arbitrary web script or HTML via the layer parameter
(CVE-2011-1523).
The updated packages have been patched to correct this issue.
Updated packages
MES5 i586
059a6231a27f937cfa57b57aa79a630d mes5/i586/nagios-3.1.2-0.3mdvmes5.2.i586.rpm 5ea3868c9be08f8765c2f97157203026 mes5/i586/nagios-devel-3.1.2-0.3mdvmes5.2.i586.rpm 4b35173acef9ee6863c5f02d63ffa7fe mes5/i586/nagios-theme-default-3.1.2-0.3mdvmes5.2.i586.rpm 7bd8eaade4d3dba2e07457b9515ab710 mes5/i586/nagios-www-3.1.2-0.3mdvmes5.2.i586.rpm 0053e07519244b41c51dae08cafccebf mes5/SRPMS/nagios-3.1.2-0.3mdvmes5.2.src.rpm
MES5 x86_64
b68e9b999f0aacdb99e6ce85a1b670cd mes5/x86_64/nagios-3.1.2-0.3mdvmes5.2.x86_64.rpm 4d1c36401b054919973893f3fae7d366 mes5/x86_64/nagios-devel-3.1.2-0.3mdvmes5.2.x86_64.rpm 1acfd0ecece2a841b1f68783e734d2ac mes5/x86_64/nagios-theme-default-3.1.2-0.3mdvmes5.2.x86_64.rpm e1bd24938b0b2dd7f5fb9f72bf50ca61 mes5/x86_64/nagios-www-3.1.2-0.3mdvmes5.2.x86_64.rpm 0053e07519244b41c51dae08cafccebf mes5/SRPMS/nagios-3.1.2-0.3mdvmes5.2.src.rpm