Updated monit packages fix security vulnerabilities
Publication date: 06 Sep 2019Modification date: 06 Sep 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-11454 , CVE-2019-11455
Description
Updated monit package fixes security vulnerabilities: Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting (XSS) attacks (CVE-2019-11454). Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to leak potentially sensitive information (CVE-2019-11455).
References
SRPMS
6/core
- monit-5.25.3-1.1.mga6