Package name
nagios
Date
2012-04-02
Advisory ID
MDVSA-2012:049
Affected versions
MES5 i586 , MES5 x86_64

Problem description

A vulnerability has been found and corrected in nagios:

Cross-site scripting (XSS) vulnerability in statusmap.c in
statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers
to inject arbitrary web script or HTML via the layer parameter
(CVE-2011-1523).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 059a6231a27f937cfa57b57aa79a630d  mes5/i586/nagios-3.1.2-0.3mdvmes5.2.i586.rpm
 5ea3868c9be08f8765c2f97157203026  mes5/i586/nagios-devel-3.1.2-0.3mdvmes5.2.i586.rpm
 4b35173acef9ee6863c5f02d63ffa7fe  mes5/i586/nagios-theme-default-3.1.2-0.3mdvmes5.2.i586.rpm
 7bd8eaade4d3dba2e07457b9515ab710  mes5/i586/nagios-www-3.1.2-0.3mdvmes5.2.i586.rpm 
 0053e07519244b41c51dae08cafccebf  mes5/SRPMS/nagios-3.1.2-0.3mdvmes5.2.src.rpm

MES5 x86_64

 b68e9b999f0aacdb99e6ce85a1b670cd  mes5/x86_64/nagios-3.1.2-0.3mdvmes5.2.x86_64.rpm
 4d1c36401b054919973893f3fae7d366  mes5/x86_64/nagios-devel-3.1.2-0.3mdvmes5.2.x86_64.rpm
 1acfd0ecece2a841b1f68783e734d2ac  mes5/x86_64/nagios-theme-default-3.1.2-0.3mdvmes5.2.x86_64.rpm
 e1bd24938b0b2dd7f5fb9f72bf50ca61  mes5/x86_64/nagios-www-3.1.2-0.3mdvmes5.2.x86_64.rpm 
 0053e07519244b41c51dae08cafccebf  mes5/SRPMS/nagios-3.1.2-0.3mdvmes5.2.src.rpm

References