Advisories » MGASA-2014-0317

Updated ocsinventory packages fix security vulnerability

Publication date: 05 Aug 2014
Modification date: 05 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-4722

Description

Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web
Interface in OCS Inventory NG allow remote attackers to inject arbitrary web
script or HTML via unspecified vectors (CVE-2014-4722).

Also, the web interface has been fixed to work with Apache HTTPD 2.4.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13784
• https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135525.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4722

SRPMS

3/core

• ocsinventory-2.0.5-2.2.mga3

4/core

• ocsinventory-2.0.5-3.2.mga4