
Mageia alert MGASA-2012-0165 (backuppc)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2012-0165: backuppc-3.2.0-6.mga1 (1/core)
Date:  Sat, 14 Jul 2012 00:56:55 +0200
Message-ID:  <20120713225655.GA17495@valstar.mageia.org>

MGASA-2012-0165

Date: July 14th, 2012
Affected releases: 1

Description:

Updated backuppc packages fix security vulnerabilities:

Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share parameter in a RestoreFile action to index.cgi (CVE-2011-5081).

Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer (CVE-2011-4923).

Also, this update package corrects and improves the definitions of the following variables in config.pl, the configuration file of backuppc: SshPath, SmbClientPath, NmbLookupPath, TarClientPath, TopDir. As a result, backuppc should now run with the default values installed by the Mageia package; modifications of config.pl should only be required for defining site-specific settings.

Finally, this update also fixes a bug which blocked correct use of the Configuration Editor in the web interface to backuppc.

Updated Packages:
backuppc-3.2.0-6.mga1

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4923
http://www.ubuntu.com/usn/usn-1444-1/
https://bugs.mageia.org/show_bug.cgi?id=6530
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...


