Amazon Linux AMI Security Advisory: ALAS-2012-50
Advisory Release Date: 2012-03-04 16:10 Pacific
Advisory Updated Date: 2014-09-14 15:36 Pacific
Severity:
Medium
References:
CVE-2011-2179
Issue Overview:
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.
Affected Packages:
nagios
Issue Correction:
Run yum update nagios to update your system.
New Packages:
i686:
nagios-debuginfo-3.3.1-3.4.amzn1.i686
nagios-3.3.1-3.4.amzn1.i686
nagios-devel-3.3.1-3.4.amzn1.i686
nagios-common-3.3.1-3.4.amzn1.i686
src:
nagios-3.3.1-3.4.amzn1.src
x86_64:
nagios-common-3.3.1-3.4.amzn1.x86_64
nagios-devel-3.3.1-3.4.amzn1.x86_64
nagios-3.3.1-3.4.amzn1.x86_64
nagios-debuginfo-3.3.1-3.4.amzn1.x86_64