Advisories » MGASA-2019-0246

Updated monit packages fix security vulnerabilities

Publication date: 06 Sep 2019
Modification date: 06 Sep 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-11454 , CVE-2019-11455

Description

Updated monit package fixes security vulnerabilities:

Zack Flack discovered that Monit incorrectly handled certain input.
A remote authenticated user could exploit this to conduct cross-site
scripting (XSS) attacks (CVE-2019-11454).

Zack Flack discovered a buffer overread when Monit decoded certain crafted
URLs. An attacker could exploit this to leak potentially sensitive
information (CVE-2019-11455).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25269
• https://usn.ubuntu.com/3971-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11454
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11455

SRPMS

6/core

• monit-5.25.3-1.1.mga6