Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -1 articles for you...
172
security advisorycriticalUbuntuUbuntu 22.04 LTS USN-6571-1 critical: Monit authentication bypass issue
Monit could be made to bypass authentication checks for disabled accounts.. ========================================================================== Ubuntu Security Notice USN-6571-1 January 09, 2024 monit vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS (Available with Ubuntu Pro) - Ubuntu 20.04 LTS (Available with Ubuntu Pro) - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) - Ubuntu 14.04 LTS (Available with Ubuntu Pro) Summary: Monit could be made to bypass authentication checks for disabled accounts. Software Description: - monit: utility for monitoring and managing daemons or similar programs Details: Youssef Rebahi-Gilbert discovered that Monit did not properly process credentials for disabled accounts. An attacker could possibly use this issue to login to the platform with an expired account and a valid password. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS (Available with Ubuntu Pro): monit 1:5.31.0-1ubuntu0.1~esm1 Ubuntu 20.04 LTS (Available with Ubuntu Pro): monit 1:5.26.0-4ubuntu0.1~esm1 Ubuntu 18.04 LTS (Available with Ubuntu Pro): monit 1:5.25.1-1ubuntu0.1~esm2 Ubuntu 16.04 LTS (Available with Ubuntu Pro): monit 1:5.16-2ubuntu0.2+esm2 Ubuntu 14.04 LTS (Available with Ubuntu Pro): monit 1:5.6-2ubuntu0.1+esm3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6571-1 CVE-2022-26563 . Ubuntu Security Bulletin USN-6573-1: Monit could bypass restrictions for dormant accounts in several iterations of Ubuntu LTS.. Monit Authentication Bypass, Ubuntu 22.04LTS Security, Securing Monit Access. . Severity: Critical. LinuxSecurity.com Team
Jan 09, 2024
•Critical
Ubuntu
89
security advisorybuffer overflowcriticalFedora 31: FEDORA-2020-9c19202d55 Critical: Monit Buffer Overflow
Update to 5.26.0 (includes security fix for CVE-2019-11454 and CVE-2019-11455). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-9c19202d55 2020-03-12 21:55:08.822486 --------------------------------------------------------------------------------Name : monit Product : Fedora 31 Version : 5.26.0 Release : 1.fc31 URL : https://mmonit.com/monit/ Summary : Manages and monitors processes, files, directories and devices Description : monit is a utility for managing and monitoring, processes, files, directories and devices on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations. --------------------------------------------------------------------------------Update Information: Update to 5.26.0 (includes security fix for CVE-2019-11454 and CVE-2019-11455) --------------------------------------------------------------------------------ChangeLog: * Tue Mar 3 2020 Stewart Adam - 5.26.0-1 - Update to 5.26.0 * Thu Jul 25 2019 Fedora Release Engineering - 5.25.1-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1663929 - monit: Use-after-free in function _handleEvent() https://bugzilla.redhat.com/show_bug.cgi?id=1663929 [ 2 ] Bug #1691391 - monit: Multiple issues fixed in 5.25.3 https://bugzilla.redhat.com/show_bug.cgi?id=1691391 [ 3 ] Bug #1702637 - CVE-2019-11455 monit: buffer over-read in function Util_urlDecode in util.c https://bugzilla.redhat.com/show_bug.cgi?id=1702637 [ 4 ] Bug #1702682 - CVE-2019-11454 monit: cross-site scripting (XSS) in http/cervlet.c https://bugzilla.redhat.com/show_bug.cgi?id=1702682 [ 5 ] Bug #1695987 - monit: Multiple vulnerabilities fixed in monit 5.25.3 https://bugzilla.redhat.com/show_bug.cgi?id=1695987 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-9c19202d55' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Mar 12, 2020
•Critical
Fedora
203
security advisorysecurity issueupdateMageia 6: MGASA-2019-0246 Moderate: Monit XSS And Buffer Overread
Updated monit package fixes security vulnerabilities: Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting (XSS) attacks (CVE-2019-11454). . MGASA-2019-0246 - Updated monit packages fix security vulnerabilities Publication date: 06 Sep 2019 URL: https://advisories.mageia.org/MGASA-2019-0246.html Type: security Affected Mageia releases: 6 CVE: CVE-2019-11454, CVE-2019-11455 Updated monit package fixes security vulnerabilities: Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting (XSS) attacks (CVE-2019-11454). Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to leak potentially sensitive information (CVE-2019-11455). References: - https://bugs.mageia.org/show_bug.cgi?id=25269 - https://ubuntu.com/security/notices/USN-3971-1 - https://www.cve.org/CVERecord?id=CVE-2019-11454 - https://www.cve.org/CVERecord?id=CVE-2019-11455 SRPMS: - 6/core/monit-5.25.3-1.1.mga6 . An enhanced monit package resolves serious vulnerabilities in Mageia distributions. Insights into XSS and data exposure threats.. Monit Security Update, Mageia 6 Fix, XSS Vulnerability, Bufferoverread Patch. . Severity: Important. LinuxSecurity.com Team
Sep 06, 2019
•Important
Mageia
197
security advisorydebianbuffer overrunDebian DLA-1767-1 Urgent Security: Monit XSS and Buffer Overflow Fix
Zack Flack found several issues in monit, a utility for monitoring and managing daemons or similar programs. . Package : monit Version : 1:5.9-1+deb8u2 CVE ID : CVE-2019-11454 CVE-2019-11455 Zack Flack found several issues in monit, a utility for monitoring and managing daemons or similar programs. CVE-2019-11454 An XSS vulnerabilitty has been reported that could be prevented by HTML escaping the log file content when viewed via Monit GUI. CVE-2019-11455 A buffer overrun vulnerability has been reported in URL decoding. For Debian 8 "Jessie", these problems have been fixed in version 1:5.9-1+deb8u2. We recommend that you upgrade your monit packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Monit software patch resolves multiple vulnerabilities reported by Zack Flack, including a cross-site scripting vulnerability and a buffer overflow. Users are urged to update.. Monit Security Update, Debian Linux, XSS Flaw, Buffer Overrun. . Severity: Important. LinuxSecurity.com Team
Apr 26, 2019
•Important
Debian LTS
203
security advisorysystem securityuse-after-freeMageia 6: 2018-0490 Critical: Monit Use-After-Free Security Update
There is a use-after-free in monit that shows up if you run it for a while on an active system with address sanitizer enabled. References: - https://bugs.mageia.org/show_bug.cgi?id=24049 . MGASA-2018-0490 - Updated monit packages fix security vulnerability Publication date: 26 Dec 2018 URL: https://advisories.mageia.org/MGASA-2018-0490.html Type: security Affected Mageia releases: 6 There is a use-after-free in monit that shows up if you run it for a while on an active system with address sanitizer enabled. References: - https://bugs.mageia.org/show_bug.cgi?id=24049 - https://www.openwall.com/lists/oss-security/2018/12/23/2 SRPMS: - 6/core/monit-5.22.0-1.1.mga6 . Mageia 6 has released a vital security advisory concerning a use-after-free vulnerability found in monit, with key updates now accessible for all users.. Monit Security Update, Mageia Security Advisory, System Security Update. . Severity: Critical. LinuxSecurity.com Team
Dec 27, 2018
•Critical
Mageia
89
security advisoryfedoraprocess managementFedora 27: FEDORA-2017-2d4c9a6e37 Critical CSRF Fix for Monit
Update to upstream release 5.25.1 (includes security fix for CVE-2016-7067). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-2d4c9a6e37 2018-02-20 17:10:59.954984 --------------------------------------------------------------------------------Name : monit Product : Fedora 27 Version : 5.25.1 Release : 1.fc27 URL : https://mmonit.com/monit/ Summary : Manages and monitors processes, files, directories and devices Description : monit is a utility for managing and monitoring, processes, files, directories and devices on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations. --------------------------------------------------------------------------------Update Information: Update to upstream release 5.25.1 (includes security fix for CVE-2016-7067) --------------------------------------------------------------------------------References: [ 1 ] Bug #1390111 - CVE-2016-7067 monit: CSRF in Monit Service Manager https://bugzilla.redhat.com/show_bug.cgi?id=1390111 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade monit' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Feb 20, 2018
•Critical
Fedora
89
security advisorysoftware updateFedoraFedora 26: FEDORA-2017-d75a88f263 moderate: monit CSRF Issue
Update to upstream release 5.25.1 (includes security fix for CVE-2016-7067). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-d75a88f263 2018-02-20 16:35:51.258661 --------------------------------------------------------------------------------Name : monit Product : Fedora 26 Version : 5.25.1 Release : 1.fc26 URL : https://mmonit.com/monit/ Summary : Manages and monitors processes, files, directories and devices Description : monit is a utility for managing and monitoring, processes, files, directories and devices on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations. --------------------------------------------------------------------------------Update Information: Update to upstream release 5.25.1 (includes security fix for CVE-2016-7067) --------------------------------------------------------------------------------References: [ 1 ] Bug #1390111 - CVE-2016-7067 monit: CSRF in Monit Service Manager https://bugzilla.redhat.com/show_bug.cgi?id=1390111 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade monit' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Feb 20, 2018
Fedora
91
security advisorydenial of servicehigh severityGentoo: 202404-28 Alert: Monit Security Flaw and Memory Overflow
A denial of service and a buffer overflow vulnerability have been found in Monit.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200403-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Multiple Security Vulnerabilities in Monit Date: March 31, 2004 Bugs: #43967 ID: 200403-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A denial of service and a buffer overflow vulnerability have been found in Monit. Background ========= Monit is a system administration utility that allows management and monitoring of processes, files, directories and devices on a Unix system. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- app-admin/monit = 4.2 Description ========== A denial of service may occur due to Monit not sanitizing remotely supplied HTTP parameters before passing them to memory allocation functions. This could allow an attacker to cause an unexpected condition that could lead to the Monit daemon crashing. An overly long http request method may cause a buffer overflow due to Monit performing insufficient bounds checking when handling HTTP requests. Impact ===== An attacker may crash the Monit daemon to create a denial of service condition or cause a buffer overflow that would allow arbitrary code to be executed with root privileges. Workaround ========= A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package. Resolution ========= Monit users should upgrade to version4.2 or later: # emerge sync # emerge -pv "> =app-admin/monit-4.2" # emerge "> =app-admin/monit-4.2" References ========= [ 1 ] [ 2 ] Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Mar 31, 2004
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!