ALAS-2013-268


Amazon Linux AMI Security Advisory: ALAS-2013-268
Advisory Release Date: 2014-09-16 22:14 Pacific
Severity: Medium
References: CVE-2013-6395 

Issue Overview:

Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.


Affected Packages:

ganglia


Issue Correction:
Run yum update ganglia to update your system.

New Packages:
i686:
    ganglia-web-3.5.10-3.6.amzn1.i686
    ganglia-gmond-python-3.6.0-3.6.amzn1.i686
    ganglia-gmetad-3.6.0-3.6.amzn1.i686
    ganglia-gmond-3.6.0-3.6.amzn1.i686
    ganglia-devel-3.6.0-3.6.amzn1.i686
    ganglia-3.6.0-3.6.amzn1.i686
    ganglia-debuginfo-3.6.0-3.6.amzn1.i686

src:
    ganglia-3.6.0-3.6.amzn1.src

x86_64:
    ganglia-gmond-3.6.0-3.6.amzn1.x86_64
    ganglia-devel-3.6.0-3.6.amzn1.x86_64
    ganglia-3.6.0-3.6.amzn1.x86_64
    ganglia-debuginfo-3.6.0-3.6.amzn1.x86_64
    ganglia-gmond-python-3.6.0-3.6.amzn1.x86_64
    ganglia-web-3.5.10-3.6.amzn1.x86_64
    ganglia-gmetad-3.6.0-3.6.amzn1.x86_64