Amazon Linux 1 Security Advisory: ALAS-2012-50
Advisory Release Date: 2012-03-04 16:10 Pacific
Advisory Updated Date: 2014-09-14 15:36 Pacific
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.
Affected Packages:
nagios
Issue Correction:
Run yum update nagios to update your system.
i686:
nagios-debuginfo-3.3.1-3.4.amzn1.i686
nagios-3.3.1-3.4.amzn1.i686
nagios-devel-3.3.1-3.4.amzn1.i686
nagios-common-3.3.1-3.4.amzn1.i686
src:
nagios-3.3.1-3.4.amzn1.src
x86_64:
nagios-common-3.3.1-3.4.amzn1.x86_64
nagios-devel-3.3.1-3.4.amzn1.x86_64
nagios-3.3.1-3.4.amzn1.x86_64
nagios-debuginfo-3.3.1-3.4.amzn1.x86_64