Tuesday, August 2, 2016

securityonion-squert - 20141015-0ubuntu0securityonion19 resolves XSS issue and disables Apache autoindex module

Manuel Mancera discovered a XSS issue in Squert:
https://github.com/int13h/squert/issues/76
https://groups.google.com/d/topic/security-onion/-x_PQQwm4bQ/discussion

securityonion-squert - 20141015-0ubuntu0securityonion19 resolves this XSS issue and also disables the Apache autoindex module:

Issue 967: Squert: Parameter not escaped in ip2c.php
https://github.com/Security-Onion-Solutions/security-onion/issues/967

Issue 969: Squert: prevent directory listing for subdirectories
https://github.com/Security-Onion-Solutions/security-onion/issues/969

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

No comments:

Search This Blog

Featured Post

Security Onion 2.4.111 now available!

In October, we released version 2.4.110: https://blog.securityonion.net/2024/10/security-onion-24110-hurricane-helene.html Last week, Surica...

Popular Posts

Blog Archive