ALAS-2017-923


Amazon Linux AMI Security Advisory: ALAS-2017-923
Advisory Release Date: 2017-11-20 21:38 Pacific
Severity: Medium
References: CVE-2017-15194 

Issue Overview:

include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. (CVE-2017-15194 )


Affected Packages:

cacti


Issue Correction:
Run yum update cacti to update your system.

New Packages:
noarch:
    cacti-1.1.19-2.18.amzn1.noarch

src:
    cacti-1.1.19-2.18.amzn1.src