An update for the package glpi is now available for NetEye 4.
NetEye Product Security has rated this update as having a security impact of Important. Common Vulnerability Scoring System (CVSS) base scores provide additional guidance about a vulnerability and give a detailed severity rating.
Description
GLPI is an Assets Management software distributed with Neteye 4
An attacker can control a script that is executed in the victim’s browser, with this he can fully compromise that user and the product itself.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the links listed in the References section.
Solution
Update glpi neteye packages to 10.0.9
For details on how to apply this update, which includes the changes described in this advisory, refer to the NetEye Update Section inside the User Guide.
Affected Products
All NetEye 4.x versions prior to and including 4.30
We fixed a bug which was causing the Elasticsearch upgrade procedure to fail in a race condition. In particular, after the upgrade of the Elasticsearch RPM and before the restart of the service, the running Elasticsearch service could possibly fail Read More
After the previous release of an Icinga2 bugfix for a race-condition during the shutdown, some issues with the connection to satellite nodes emerged. This bugfix release is a cleanup we worked on in cooperation with Icinga2 to address those issues. Read More
We fixed an issue related to the upgrade path from 4.37 to 4.38, where the upgrade could have blocked at the secure install phase due to the missing retrieval of upgrade checkpoints. We updated the following packages: neteye-upgrade-manager to version Read More
For ntopng we fixed license limit enforcement, which could lead to flow drops. Furthermore, we’ve fixed an issue related to the RPM Mirror where the sync would have failed after the one performed during the neteye rpmmirror setup command, due Read More
We’ve fixed an issue related to the RPM Mirror where the sync would have failed after the one performed during the neteye rpmmirror setup command, due to a dependency change. We updated the following packages: neteye-pulp3-mirror to version 1.2.2-2 Note: Read More