
Fedora 22: 2015-23791fb868 High: Monitorix CSRF And Security Flaws

Fedora, November 19, 2015
This Fedora update tackles significant CSRF and DDoS vulnerabilities in monitorix, improving overall system resilience and protection.

Summary

Monitorix is a free, open source, lightweight system monitoring tool designed to monitor as many services and system resources as possible. It has been created to be used under production Linux/UNIX servers, but due to its simplicity and small size may also be used on embedded devices as well.

Update Information:

This is a maintenance release that mainly fixes a Document Object Model (DOM)-based cross-site scripting (XSS) vulnerability in the monitorix.cgi file. The vulnerability is triggered by injecting JavaScript code into the `when` parameter of the URL shown after generating the graphs. Additionally, a potential denial of service (DoS) issue was discovered in the same `when` parameter of the URL, which could lead to the creation of an enormous number of .png files in the imgs directory of the server.
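Both issues in the advisory stem from one untrusted query parameter (`when`) being used in two places: reflected into page markup and used to name generated image files. The example below is added here to illustrate the defensive pattern; it is not Monitorix's code, and the set of accepted `when` values, the `image_filename` and `render_link` helpers, and the sample inputs are all assumptions constructed for illustration.

```python
import html
import re

# Assumed allowlist of time ranges a graph page accepts. Monitorix's real set
# of accepted values is not given on the advisory page; these are placeholders.
ALLOWED_WHEN = {"1day", "1week", "1month", "1year"}
DEFAULT_WHEN = "1day"


def validate_when(value: str) -> str:
    """Return the value if it is an allowlisted time range, else a safe default.

    Strict allowlisting removes both problems the advisory describes: a value
    that is not on the list can neither reach the page markup nor become part
    of an image filename on disk.
    """
    if value in ALLOWED_WHEN:
        return value
    return DEFAULT_WHEN


def image_filename(graph: str, when: str) -> str:
    """Build the cached PNG filename from a graph name and a validated range.

    Because `when` is constrained to a finite set, the number of distinct
    files that can be created is bounded by len(graphs) * len(ALLOWED_WHEN),
    which is what prevents the disk-filling DoS. The graph name is checked
    separately so it cannot smuggle path components into the filename.
    """
    if not re.fullmatch(r"[a-z0-9_]+", graph):
        raise ValueError("graph name must be lowercase alphanumeric")
    return f"{graph}_{validate_when(when)}.png"


def render_link(when: str) -> str:
    """Emit the time-range link with the value HTML-escaped.

    Escaping is defence in depth: the value has already been allowlisted, but
    escaping at the output point guards against the allowlist being relaxed
    later without anyone revisiting the template.
    """
    safe = html.escape(validate_when(when), quote=True)
    return f'<a href="monitorix.cgi?when={safe}">{safe}</a>'


def possible_files(graphs) -> int:
    """Count how many distinct PNG names can ever exist for the given graphs."""
    return len({image_filename(g, w) for g in graphs for w in ALLOWED_WHEN})


if __name__ == "__main__":
    # Constructed sample inputs: one valid range and one non-allowlisted value
    # carrying markup, to show that neither escapes the allowlist.
    for sample in ("1week", "<b>not-a-range</b>"):
        print(validate_when(sample), image_filename("cpu", sample), render_link(sample))
    print(possible_files(["cpu", "mem", "net"]))
```

The key design choice is that validation happens once, at the boundary, and every consumer (filename builder, template) receives only the validated value, so the file-count bound and the markup safety hold regardless of which code path a request takes.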

Change Log

References


[ 1 ] Bug #1281979 - monitorix-3.8.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1281979

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update monitorix' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important

Name: monitorix
Product: Fedora 22
Version: 3.8.1
Release: 1.fc22
Summary: A free, open source, lightweight system monitoring tool
