ALAS-2012-050


Amazon Linux AMI Security Advisory: ALAS-2012-50
Advisory Release Date: 2014-09-14 15:36 Pacific
Severity: Medium
References: CVE-2011-2179 

Issue Overview:

Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.


Affected Packages:

nagios


Issue Correction:
Run yum update nagios to update your system.

New Packages:
i686:
    nagios-debuginfo-3.3.1-3.4.amzn1.i686
    nagios-3.3.1-3.4.amzn1.i686
    nagios-devel-3.3.1-3.4.amzn1.i686
    nagios-common-3.3.1-3.4.amzn1.i686

src:
    nagios-3.3.1-3.4.amzn1.src

x86_64:
    nagios-common-3.3.1-3.4.amzn1.x86_64
    nagios-devel-3.3.1-3.4.amzn1.x86_64
    nagios-3.3.1-3.4.amzn1.x86_64
    nagios-debuginfo-3.3.1-3.4.amzn1.x86_64