From 130e25c7c96e22d106edb62fb6d912a41f96d53e Mon Sep 17 00:00:00 2001 From: Jan ONDREJ (SAL) Date: Jul 04 2014 04:09:49 +0000 Subject: Fix two URL Cross-Site Scripting Vulnerabilities (bz#1115983)
---
diff --git a/pnp4nagios-cb925073edeeb97eb4ce61a86cdafccc9b87f9bb.patch b/pnp4nagios-cb925073edeeb97eb4ce61a86cdafccc9b87f9bb.patch
new file mode 100644
index 0000000..6b32d91
--- /dev/null
+++ b/pnp4nagios-cb925073edeeb97eb4ce61a86cdafccc9b87f9bb.patch
@@ -0,0 +1,29 @@
+From cb925073edeeb97eb4ce61a86cdafccc9b87f9bb Mon Sep 17 00:00:00 2001
+From: Mikael Falkvidd
+Date: Fri, 13 Jun 2014 14:13:03 +0200
+Subject: [PATCH] Plug potential XSS hole in views/template.php
+
+REQUEST_URI needs to be sanitized if used. Since we want to refresh
+to the same page there is no need to set the URI.
+
+Signed-off-by: Mikael Falkvidd
+---
+ share/pnp/application/views/template.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/share/pnp/application/views/template.php b/share/pnp/application/views/template.php
+index 109902f..0cce888 100644
+--- a/share/pnp/application/views/template.php
++++ b/share/pnp/application/views/template.php
+@@ -4,7 +4,7 @@
+
+
+
+-
++
+ <?php if (isset($this->title)) echo html::specialchars($this->title) ?>
+
+
+--
+1.9.3
+
diff --git a/pnp4nagios-e4a19768a5c5e5b1276caf3dd5bb721a540ec014.patch b/pnp4nagios-e4a19768a5c5e5b1276caf3dd5bb721a540ec014.patch
new file mode 100644
index 0000000..3239e7e
--- /dev/null
+++ b/pnp4nagios-e4a19768a5c5e5b1276caf3dd5bb721a540ec014.patch
@@ -0,0 +1,36 @@
+From e4a19768a5c5e5b1276caf3dd5bb721a540ec014 Mon Sep 17 00:00:00 2001
+From: Mikael Falkvidd
+Date: Thu, 12 Jun 2014 11:03:43 +0200
+Subject: [PATCH] pnp/views/kohana_error_page: plug another XSS hole
+
+By issuing the request
+GET pnp/$item?996fb"><"951e1=1
+an alert is triggered in the meta refresh tag.
+
+The hole is plugged by not setting the URL of the meta refresh.
+The default behavior is to refresh the current page, which is what
+we want anyway.
+
+Change-Id: I6af0b15c929f95d651a576d46b99d2e1a88fe601
+
+Signed-off-by: Mikael Falkvidd
+---
+ share/pnp/application/views/kohana_error_page.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/share/pnp/application/views/kohana_error_page.php b/share/pnp/application/views/kohana_error_page.php
+index a950616..490ed62 100644
+--- a/share/pnp/application/views/kohana_error_page.php
++++ b/share/pnp/application/views/kohana_error_page.php
+@@ -4,7 +4,7 @@
+
+
+
+-
++
+
+ <?php echo $error ?>
+
+--
+1.9.3
+
diff --git a/pnp4nagios.spec b/pnp4nagios.spec
index 52fabe9..2544175 100644
--- a/pnp4nagios.spec
+++ b/pnp4nagios.spec
@@ -1,6 +1,6 @@
 Name: pnp4nagios
 Version: 0.6.22
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Nagios performance data analysis tool
 Group: Applications/System
@@ -11,6 +11,8 @@ Source1: pnp4nagios.logrotate.conf
 Source2: pnp4nagios-npcd.sysvinit
 Source3: pnp4nagios-README.fedora
 Patch1: pnp4nagios-httpd24.patch
+Patch10: pnp4nagios-cb925073edeeb97eb4ce61a86cdafccc9b87f9bb.patch
+Patch11: pnp4nagios-e4a19768a5c5e5b1276caf3dd5bb721a540ec014.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: autoconf, automake, libtool
@@ -32,6 +34,8 @@ and stores them automatically into RRD-databases.
 %prep
 %setup -q
 %patch1 -p1
+%patch10 -p1
+%patch11 -p1
 autoreconf
 cp -p %{SOURCE3} README.fedora
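Review bot: The context line `<?php echo $error ?>` in kohana_error_page.php prints `$error` without escaping, whereas the corresponding line in template.php passes the title through `html::specialchars()`. The patch only removes the URL from the meta refresh, so if `$error` can carry request-derived text (not visible in this hunk) the error page keeps a second output point that is not encoded; `<?php echo html::specialchars($error) ?>` would make the two views consistent. The view continues outside the hunk, and the 0.6.22-1 changelog entry mentions an upstream error-page XSS fix, so it is worth confirming whether `$error` is already encoded where it is built.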
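Review bot: `Patch10` and `Patch11` are declared without a comment recording their origin or upstream status; only the file names hint that they are upstream commits. A line such as `# Upstream commits removing the URL from the meta refresh tag (XSS, bz#1115983)` above `Patch10:` would let whoever rebases to the next release confirm that both patches are included upstream and can be dropped. The same applies to the `%patch10 -p1` / `%patch11 -p1` lines in the `%prep` hunk.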
@@ -134,8 +138,11 @@ fi
 %{_datadir}/nagios/html/%{name}/kohana
 %changelog
+* Fri Jul 04 2014 Ján ONDREJ (SAL) - 0.6.22-2
+- Fix two URL Cross-Site Scripting Vulnerabilities (bz#1115983)
+
 * Thu Jul 03 2014 Ján ONDREJ (SAL) - 0.6.22-1
-- Update to upstream (fixes XSS flaw in an error page)
+- Update to upstream (fixes XSS flaw in an error page - bz#1115770)
 * Sat Jun 07 2014 Fedora Release Engineering - 0.6.21-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild