Hello, The OpenVAS developers have just released an important security release for the Open Vulnerability Assessment System release series 8 (OpenVAS-8).
The following package was released: - Greenbone Security Assistant 6.0.8. We highly recommend to update your OpenVAS installation to the version listed above as soon as possible. It has been identified that Greenbone Security Assistant (GSA) is vulnerable to cross site scripting due to a improper handling of the parameters of the get_aggregate command. Given the attacker has access to a session token of the browser session, the cross site scripting can be executed. OpenVAS-7 is not affected. For details and current information on this vulnerability please refer to the following page on the OpenVAS website: http://openvas.org/OVSA20160113.html The source tarballs for the releases are available for download from the OpenVAS website at: https://wald.intevation.org/frs/?group_id=29 This page contains signatures and checksums for the source tarballs as well. You can find links to the latest source tarballs for all currently maintained releases here: http://openvas.org/install-source.html Binary packages for major GNU/Linux distributions by third parties are expected to follow soon. Regards, Michael Wiegand -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
pgpbitDuId8e5.pgp
Description: PGP signature
_______________________________________________ Openvas-announce mailing list Openvas-announce@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-announce
