ALAS-2017-904

Amazon Linux 1 (EOL) Security Advisory: ALAS-2017-904
Advisory Released Date: 2017-10-02
Advisory Updated Date: 2017-10-02

Severity: Medium

References: CVE-2017-12927 CVE-2017-12978
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A cross-site scripting vulnerability exists in Cacti in the method parameter in spikekill.php. (CVE-2017-12927)

The lib/html.php script in Cacti has a XSS vulnerability via the title field of an external link added by an authenticated user. (CVE-2017-12978)

Affected Packages:

cacti

Issue Correction:
Run yum update cacti or yum update --advisory ALAS-2017-904 to update your system.

New Packages:

noarch:
    cacti-1.1.19-1.17.amzn1.noarch

src:
    cacti-1.1.19-1.17.amzn1.src