| Revision Date: | 2014-05-26 | Version: | 20 |
| Title: | ELSA-2008:0061: setroubleshoot security and bug fix update (Moderate) |
| Description: | Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert. |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CVE-2007-5495
CVE-2007-5496
ELSA-2008:0061-02
|
| Platform(s): | Oracle Linux 5
| Product(s): | setroubleshoot
setroubleshoot-plugins
|
| Definition Synopsis |
| Oracle Linux 5.x AND rpm test
setroubleshoot-plugins is earlier than 0:2.0.4-2.el5
OR setroubleshoot-server is earlier than 0:2.0.5-3.el5
OR setroubleshoot is earlier than 0:2.0.5-3.el5
|