Updated ocsinventory packages fix security vulnerability
Publication date: 05 Aug 2014Modification date: 05 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-4722
Description
Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors (CVE-2014-4722). Also, the web interface has been fixed to work with Apache HTTPD 2.4.
References
SRPMS
3/core
- ocsinventory-2.0.5-2.2.mga3
4/core
- ocsinventory-2.0.5-3.2.mga4