
[SECURITY] [DLA 732-1] monit security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : monit
Version        : 5.4-2+deb7u1
CVE ID         : CVE-2016-7067


Adith Sudhakar discovered a cross-site request forgery (CSRF) issue in
monit, a utility for monitoring hosts and services. An attacker could
cause an authenticated admin to change monitoring for hosts/services
through a forged link. This update fixes the vulnerability by adding
CSRF protection via a security token and enforced POST requests for
actions that cause changes to the monitoring.

For Debian 7 "Wheezy", these problems have been fixed in version
5.4-2+deb7u1.

We recommend that you upgrade your monit packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -- 
Jonas Meurer


-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
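
The fix described in the advisory (a security token plus enforced POST for state-changing actions) follows a general pattern, sketched below as an added example. It is not part of the advisory and is not monit's code; the function names, the status enum and the sample token are assumptions made for illustration, and the token is assumed to be a random per-session value issued by the server.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Outcome of the check, named after the HTTP status a server would send. */
enum csrf_result { CSRF_OK = 200, CSRF_FORBIDDEN = 403, CSRF_BAD_METHOD = 405 };

/* Compare two tokens without stopping at the first differing byte, so
 * response timing does not reveal how much of a guess was correct.
 * Returns 1 when the tokens are identical. */
static int token_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Decide whether a request may change monitoring state.
 *   method        - HTTP method of the request
 *   session_token - token the server issued to this session (NULL if none)
 *   request_token - token submitted with the request (NULL if absent) */
enum csrf_result check_state_change(const char *method,
                                    const char *session_token,
                                    const char *request_token) {
    /* A forged link makes the browser send a GET, so refuse anything but POST. */
    if (method == NULL || strcmp(method, "POST") != 0)
        return CSRF_BAD_METHOD;
    /* A cross-site form can POST but cannot read the token, so require it. */
    if (session_token == NULL || request_token == NULL ||
        session_token[0] == '\0' || !token_equal(session_token, request_token))
        return CSRF_FORBIDDEN;
    return CSRF_OK;
}

int main(void) {
    const char *tok = "constructed-sample-token"; /* constructed sample value */
    printf("forged GET link:    %d\n", check_state_change("GET", tok, tok));
    printf("POST without token: %d\n", check_state_change("POST", tok, NULL));
    printf("POST wrong token:   %d\n", check_state_change("POST", tok, "guess"));
    printf("POST valid token:   %d\n", check_state_change("POST", tok, tok));
    return 0;
}
```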

