Advisories ยป MGASA-2019-0246

Updated monit packages fix security vulnerabilities

Publication date: 06 Sep 2019
Modification date: 06 Sep 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-11454 , CVE-2019-11455

Description

Updated monit package fixes security vulnerabilities:

Zack Flack discovered that Monit incorrectly handled certain input.
A remote authenticated user could exploit this to conduct cross-site
scripting (XSS) attacks (CVE-2019-11454).

Zack Flack discovered a buffer overread when Monit decoded certain crafted
URLs. An attacker could exploit this to leak potentially sensitive
information (CVE-2019-11455).
                

References

SRPMS

6/core