Tuesday, August 2, 2016

securityonion-squert - 20141015-0ubuntu0securityonion19 resolves XSS issue and disables Apache autoindex module

Manuel Mancera discovered a XSS issue in Squert:
https://github.com/int13h/squert/issues/76
https://groups.google.com/d/topic/security-onion/-x_PQQwm4bQ/discussion

securityonion-squert - 20141015-0ubuntu0securityonion19 resolves this XSS issue and also disables the Apache autoindex module:

Issue 967: Squert: Parameter not escaped in ip2c.php
https://github.com/Security-Onion-Solutions/security-onion/issues/967

Issue 969: Squert: prevent directory listing for subdirectories
https://github.com/Security-Onion-Solutions/security-onion/issues/969

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

No comments:

Search This Blog

Featured Post

Did You Know Security Onion Scales to the Enterprise?

Did you know Security Onion scales to the enterprise? Security Onion is designed to scale from simple standalone deployments all the way up ...

Popular Posts

Blog Archive