==================================================================== CERT-Renater Note d'Information No. 2012/VULN260 ____________________________________________________________________ DATE : 15/06/2012 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Nagios XI versions prior to 2011R3.0. ====================================================================== http://assets.nagios.com/downloads/nagiosxi/CHANGES-2011.TXT ______________________________________________________________________ 2011R3.0 - 06/04/2012 ===================== - Added fix for incorrect permissions with MIB and graph template directories - EG - Added support for 2012 notification management functions: Default Messages, and locking notification settings -MG - Improved sanity checks for XI notification settings for XI users -MG - Added 'getalerthistogram' to backend API commands. -MG - Fixed XSS vulnerabilities reported by user: 0a29406d9794e4f9b30b3c5d6702c708 -MG - Fixed overlapping values in piechart for both current and 2012 versions -SW - Fixed bug #260 with notifications search(broke in 2.4). Expanded search options for more robust searches -MG - Fixed bug #156 where illegal characters can be passed for object names in the config wizards, now replaced with '_' -MG - Fixed issue where illegal characters could be used with service descriptions in the Core Config Manager -MG - Fixed minor bug with availability CSV export - SW - Updated Nagios Core to 3.4.1 - Updated NSCA to 2.9.1 - Updated Ndoutils to 1.5.1 - Mod applied to Ndoutils 1.5.1 that fixes kernel msg queue issue ====================================================================== ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================