Ubuntu Security Notice USN-1151-1
15th June, 2011
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
An attacker could modify or steal data if you were tricked into clicking on a special link to Nagios.
- nagios3 - A host/service/network monitoring and management system
Stefan Schurtz discovered than Nagios did not properly sanitize its input
when processing certain requests, resulting in cross-site scripting (XSS)
vulnerabilities. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a
remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain.
The problem can be corrected by updating your system to the following package version:
- Ubuntu 11.04:
- nagios3-cgi 3.2.3-1ubuntu1.2
- Ubuntu 10.10:
- nagios3-cgi 3.2.1-2ubuntu1.2
- Ubuntu 10.04 LTS:
- nagios3-cgi 3.2.0-4ubuntu2.2
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Nagios to make
all the necessary changes.