ALAS-2017-923

Amazon Linux 1 (EOL) Security Advisory: ALAS-2017-923
Advisory Released Date: 2017-11-15
Advisory Updated Date: 2017-11-20

Severity: Medium

References: CVE-2017-15194
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. (CVE-2017-15194)

Affected Packages:

cacti

Issue Correction:
Run yum update cacti to update your system.

New Packages:

noarch:
    cacti-1.1.19-2.18.amzn1.noarch

src:
    cacti-1.1.19-2.18.amzn1.src