--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2021-5f7da70bfe
2021-02-05 01:57:58.090629
--------------------------------------------------------------------------------Name        : monitorix
Product     : Fedora 33
Version     : 3.13.1
Release     : 1.fc33
URL         : https://www.monitorix.org/
Summary     : A free, open source, lightweight system monitoring tool
Description :
Monitorix is a free, open source and lightweight system monitoring tool
designed to monitor as many services and system resources as possible. It has
been created to be used under production Linux/UNIX servers, but due to its
simplicity and small size may also be used on embedded devices as well.

--------------------------------------------------------------------------------Update Information:

Security fix for [CVE-2021-3325].  This new version fixes a security bug
introduced in the 3.13.0 version that lead the HTTP built-in server to bypass
the Basic Authentication when the option hosts_deny is not defined, which is the
default.  Besides this fix, this version also updates the main configuration
file to add the option hosts_deny = all by default inside the auth subsection,
in an attempt to make the default behaviour more clear.  All users using the
3.13.0 version are advised and encouraged to upgrade to this new version, which
resolves the security issue.   ----  This new version introduces three new
modules: the long-awaited pgsql.pm capable of monitoring up to 9 databases of an
unlimited number of PostgreSQL servers, the redis.pm and tinyproxy.pm which are
both also capable of monitoring an unlimited number of Redis and Tinyproxy
servers respectively.  This version also includes some interesting new features.
The new CSS theming support will allow people to create their own color themes.
The new support for the ss command in port.pm and nginx.pm modules. The ability
to map the device names and also to include a title name in disk.pm module. The
new stacked visualization of network stats available on a number of modules, and
more.  Also with this new version, Monitorix is able to be executed as a regular
user instead of root. This is of course subject to the capabilities of each
module to get statistics without using the superuser.  The rest of new features,
changes and bugs fixed are, as always, reflected in the Changes file.
--------------------------------------------------------------------------------ChangeLog:

* Wed Jan 27 2021 Jordi Sanfeliu  - 3.13.1-1
- Updated to 3.13.1.
* Fri Jan 22 2021 Jordi Sanfeliu  - 3.13.0-1
- Updated to 3.13.0.
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1920998 - monitorix-3.13.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1920998
  [ 2 ] Bug #1921333 - CVE-2021-3325 monitorix: Basic Authentication bypass in a default installatio [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1921333
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-5f7da70bfe' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Fedora 33: monitorix 2021-5f7da70bfe

February 4, 2021
Security fix for [CVE-2021-3325]

Summary

Monitorix is a free, open source and lightweight system monitoring tool

designed to monitor as many services and system resources as possible. It has

been created to be used under production Linux/UNIX servers, but due to its

simplicity and small size may also be used on embedded devices as well.

Security fix for [CVE-2021-3325]. This new version fixes a security bug

introduced in the 3.13.0 version that lead the HTTP built-in server to bypass

the Basic Authentication when the option hosts_deny is not defined, which is the

default. Besides this fix, this version also updates the main configuration

file to add the option hosts_deny = all by default inside the auth subsection,

in an attempt to make the default behaviour more clear. All users using the

3.13.0 version are advised and encouraged to upgrade to this new version, which

resolves the security issue. ---- This new version introduces three new

modules: the long-awaited pgsql.pm capable of monitoring up to 9 databases of an

unlimited number of PostgreSQL servers, the redis.pm and tinyproxy.pm which are

both also capable of monitoring an unlimited number of Redis and Tinyproxy

servers respectively. This version also includes some interesting new features.

The new CSS theming support will allow people to create their own color themes.

The new support for the ss command in port.pm and nginx.pm modules. The ability

to map the device names and also to include a title name in disk.pm module. The

new stacked visualization of network stats available on a number of modules, and

more. Also with this new version, Monitorix is able to be executed as a regular

user instead of root. This is of course subject to the capabilities of each

module to get statistics without using the superuser. The rest of new features,

changes and bugs fixed are, as always, reflected in the Changes file.

* Wed Jan 27 2021 Jordi Sanfeliu - 3.13.1-1

- Updated to 3.13.1.

* Fri Jan 22 2021 Jordi Sanfeliu - 3.13.0-1

- Updated to 3.13.0.

[ 1 ] Bug #1920998 - monitorix-3.13.1 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1920998

[ 2 ] Bug #1921333 - CVE-2021-3325 monitorix: Basic Authentication bypass in a default installatio [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1921333

su -c 'dnf upgrade --advisory FEDORA-2021-5f7da70bfe' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

FEDORA-2021-5f7da70bfe 2021-02-05 01:57:58.090629 Product : Fedora 33 Version : 3.13.1 Release : 1.fc33 URL : https://www.monitorix.org/ Summary : A free, open source, lightweight system monitoring tool Description : Monitorix is a free, open source and lightweight system monitoring tool designed to monitor as many services and system resources as possible. It has been created to be used under production Linux/UNIX servers, but due to its simplicity and small size may also be used on embedded devices as well. Security fix for [CVE-2021-3325]. This new version fixes a security bug introduced in the 3.13.0 version that lead the HTTP built-in server to bypass the Basic Authentication when the option hosts_deny is not defined, which is the default. Besides this fix, this version also updates the main configuration file to add the option hosts_deny = all by default inside the auth subsection, in an attempt to make the default behaviour more clear. All users using the 3.13.0 version are advised and encouraged to upgrade to this new version, which resolves the security issue. ---- This new version introduces three new modules: the long-awaited pgsql.pm capable of monitoring up to 9 databases of an unlimited number of PostgreSQL servers, the redis.pm and tinyproxy.pm which are both also capable of monitoring an unlimited number of Redis and Tinyproxy servers respectively. This version also includes some interesting new features. The new CSS theming support will allow people to create their own color themes. The new support for the ss command in port.pm and nginx.pm modules. The ability to map the device names and also to include a title name in disk.pm module. The new stacked visualization of network stats available on a number of modules, and more. Also with this new version, Monitorix is able to be executed as a regular user instead of root. This is of course subject to the capabilities of each module to get statistics without using the superuser. The rest of new features, changes and bugs fixed are, as always, reflected in the Changes file. * Wed Jan 27 2021 Jordi Sanfeliu - 3.13.1-1 - Updated to 3.13.1. * Fri Jan 22 2021 Jordi Sanfeliu - 3.13.0-1 - Updated to 3.13.0. [ 1 ] Bug #1920998 - monitorix-3.13.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1920998 [ 2 ] Bug #1921333 - CVE-2021-3325 monitorix: Basic Authentication bypass in a default installatio [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1921333 su -c 'dnf upgrade --advisory FEDORA-2021-5f7da70bfe' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Change Log

References

Update Instructions

Severity
Product : Fedora 33
Version : 3.13.1
Release : 1.fc33
URL : https://www.monitorix.org/
Summary : A free, open source, lightweight system monitoring tool

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved