Amazon Linux 1 Security Advisory: ALAS-2013-268
Advisory Release Date: 2013-12-17 21:39 Pacific
Advisory Updated Date: 2014-09-16 22:14 Pacific
Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.
Affected Packages:
ganglia
Issue Correction:
Run yum update ganglia to update your system.
i686:
ganglia-web-3.5.10-3.6.amzn1.i686
ganglia-gmond-python-3.6.0-3.6.amzn1.i686
ganglia-gmetad-3.6.0-3.6.amzn1.i686
ganglia-gmond-3.6.0-3.6.amzn1.i686
ganglia-devel-3.6.0-3.6.amzn1.i686
ganglia-3.6.0-3.6.amzn1.i686
ganglia-debuginfo-3.6.0-3.6.amzn1.i686
src:
ganglia-3.6.0-3.6.amzn1.src
x86_64:
ganglia-gmond-3.6.0-3.6.amzn1.x86_64
ganglia-devel-3.6.0-3.6.amzn1.x86_64
ganglia-3.6.0-3.6.amzn1.x86_64
ganglia-debuginfo-3.6.0-3.6.amzn1.x86_64
ganglia-gmond-python-3.6.0-3.6.amzn1.x86_64
ganglia-web-3.5.10-3.6.amzn1.x86_64
ganglia-gmetad-3.6.0-3.6.amzn1.x86_64