ALAS-2020-1412

Amazon Linux 1 Security Advisory: ALAS-2020-1412
Advisory Release Date: 2020-07-28 17:22 Pacific
Advisory Updated Date: 2020-07-29 21:30 Pacific

Severity: Low

References: CVE-2016-10245
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection. (CVE-2016-10245)

Affected Packages:

doxygen

Issue Correction:
Run yum update doxygen to update your system.

New Packages:

i686:
    doxygen-debuginfo-1.8.5-4.14.amzn1.i686
    doxygen-latex-1.8.5-4.14.amzn1.i686
    doxygen-1.8.5-4.14.amzn1.i686

src:
    doxygen-1.8.5-4.14.amzn1.src

x86_64:
    doxygen-debuginfo-1.8.5-4.14.amzn1.x86_64
    doxygen-1.8.5-4.14.amzn1.x86_64
    doxygen-latex-1.8.5-4.14.amzn1.x86_64

Additional References

Red Hat: CVE-2016-10245

Mitre: CVE-2016-10245