Fedora 25 : mrbs (2017-b5bcfedf10)

high Nessus Plugin ID 105135

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

Changes since MRBS 1.6.1 :

- Fixed a number of security issues in MRBS that were disclosed to the project by SySS GmbH, including XSS, CSRF protection and session fixation.

- Improved behaviour of browser caching in MRBS.

- Improved localisation, especially the use of colons in labels.

- Added new config variable $weekdays to define weekdays and weekends, allowing for the possibility that weekdays are not the same as working days.

- MRBS now restricts form actions which modify data/pass passwords to only accept POSTs.

- Added the ability to have different period names in each area.

- Add SAML auth and session schemes, thanks to Jørn Åne.

- Updated to jQuery 3.2.1 and jQueryUI 1.12.1, which includes XSS fixes.

- Plus a few other bug fixes/improvements.

- Dropped support for Internet Explorer 9 and lower.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected mrbs package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2017-b5bcfedf10

Plugin Details

Severity: High

ID: 105135

File Name: fedora_2017-b5bcfedf10.nasl

Version: 3.4

Type: local

Agent: unix

Published: 12/11/2017

Updated: 1/6/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:mrbs, cpe:/o:fedoraproject:fedora:25

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 12/9/2017

Vulnerability Publication Date: 12/9/2017

Reference Information