| |||||||||||||||||||
Ubuntu alert USN-1151-1 (nagios3)
========================================================================== Ubuntu Security Notice USN-1151-1 June 15, 2011 nagios3 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: An attacker could modify or steal data if you were tricked into clicking on a special link to Nagios. Software Description: - nagios3: A host/service/network monitoring and management system Details: Stefan Schurtz discovered than Nagios did not properly sanitize its input when processing certain requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: nagios3-cgi 3.2.3-1ubuntu1.2 Ubuntu 10.10: nagios3-cgi 3.2.1-2ubuntu1.2 Ubuntu 10.04 LTS: nagios3-cgi 3.2.0-4ubuntu2.2 After a standard system update you need to restart Nagios to make all the necessary changes. References: CVE-2011-1523, CVE-2011-2179 Package Information: https://launchpad.net/ubuntu/+source/nagios3/3.2.3-1ubunt... https://launchpad.net/ubuntu/+source/nagios3/3.2.1-2ubunt... https://launchpad.net/ubuntu/+source/nagios3/3.2.0-4ubunt... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security... (Log in to post comments)
Ubuntu security update to nagios3 Posted Jun 17, 2011 20:46 UTC (Fri) by Mike (guest, #75759) [Link]
These have already been fixed. Check the Nagios bug tracker.
tracker.nagios.org
|
|||||||||||||||||||