Updated monit packages fix security vulnerabilitiesPublication date: 06 Sep 2019
Affected Mageia releases : 6
CVE: CVE-2019-11454 , CVE-2019-11455
Updated monit package fixes security vulnerabilities: Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting (XSS) attacks (CVE-2019-11454). Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to leak potentially sensitive information (CVE-2019-11455).