Advisories » MGASA-2015-0203

Updated pnp4nagios packages fix security vulnerabilities

Publication date: 11 May 2015
Modification date: 11 May 2015
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-4907, CVE-2014-4908

Description

Updated pnp4nagios package fixes security vulnerabilities:

Cross-site scripting (XSS) vulnerability in
share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22
allows remote attackers to inject arbitrary web script or HTML via a parameter
that is not properly handled in an error message (CVE-2014-4907).

Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through
0.6.22 allow remote attackers to inject arbitrary web script or HTML via the
URI used for reaching share/pnp/application/views/kohana_error_page.php or
share/pnp/application/views/template.php, leading to improper handling within
an http-equiv="refresh" META element (CVE-2014-4908).
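
The output-encoding pattern behind CVE-2014-4908, as an added example that is not PNP4Nagios code: a request URI copied into an http-equiv="refresh" META element without escaping, beside a hardened form. The function names, the same-site path rule and the sample URI are assumptions constructed for illustration (PHP 7 or later).

```php
<?php
// Added illustration, not PNP4Nagios source. All function names are hypothetical.

// Unsafe pattern: the URI goes into the attribute value as-is, so a double
// quote inside it terminates content="..." and the rest is parsed as markup.
function refresh_meta_unsafe(string $uri, int $seconds): string
{
    return '<meta http-equiv="refresh" content="' . $seconds . '; url=' . $uri . '">';
}

// Hardened form: validate first, then encode for the HTML attribute context.
function refresh_meta_safe(string $uri, int $seconds): string
{
    // Assumed policy: only a same-site absolute path is a valid refresh target.
    // Rejects "//host", backslashes and control characters; falls back to "/".
    if (!preg_match('#^/(?!/)[^\x00-\x1f\x7f\\\\]*$#D', $uri)) {
        $uri = '/';
    }
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 instead of returning an empty string.
    $escaped = htmlspecialchars($uri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<meta http-equiv="refresh" content="' . max(0, $seconds) . '; url=' . $escaped . '">';
}

// The same encoding applies when a request value is echoed in an error page.
function error_message_safe(string $message): string
{
    return '<p class="error">'
        . htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</p>';
}

// Constructed sample URI containing characters that are special in HTML.
$sample = '/pnp4nagios/graph?host="><i>constructed</i>';

echo refresh_meta_unsafe($sample, 90), PHP_EOL; // attribute is broken open
echo refresh_meta_safe($sample, 90), PHP_EOL;   // quote and angle brackets are encoded
echo error_message_safe('Unknown host: ' . $sample), PHP_EOL;
```

Comparing the first two output lines shows whether the quote and angle brackets from the URI reach the page as markup or as encoded text.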
                

References

SRPMS

4/core