MDVSA-2012:053

Package name

ocsinventory

Date

2012-04-04

Advisory ID

MDVSA-2012:053

Affected versions

MES5 i586 , MES5 x86_64

Problem description

A vulnerability has been found and corrected in ocsinventory:

Cross-site scripting (XSS) vulnerability in ocsinventory in OCS
Inventory NG 2.0.1 and earlier allows remote attackers to inject
arbitrary web script or HTML via unspecified vectors (CVE-2011-4024).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 12dd08c81f8f90f6939dd434d3d2fe4f  mes5/i586/ocsinventory-reports-1.02.3-0.2mdvmes5.2.noarch.rpm
 e4c05d2d757430c09ed85ed84e966762  mes5/i586/ocsinventory-server-1.02.3-0.2mdvmes5.2.noarch.rpm 
 35e61bc78f8a17d8f324e66bb8535b81  mes5/SRPMS/ocsinventory-1.02.3-0.2mdvmes5.2.src.rpm

MES5 x86_64

 a47a0bcb0cd1522b6d773892700ac09e  mes5/x86_64/ocsinventory-reports-1.02.3-0.2mdvmes5.2.noarch.rpm
 1ce5b1fccf7275b99e708477687fc960  mes5/x86_64/ocsinventory-server-1.02.3-0.2mdvmes5.2.noarch.rpm 
 35e61bc78f8a17d8f324e66bb8535b81  mes5/SRPMS/ocsinventory-1.02.3-0.2mdvmes5.2.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4024