[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1767-1] monit security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : monit
Version        : 1:5.9-1+deb8u2
CVE ID         : CVE-2019-11454 CVE-2019-11455
Zack Flack found several issues in monit, a utility for monitoring and managing daemons or similar programs. 

CVE-2019-11454
     An XSS vulnerabilitty has been reported that could be prevented by
     HTML escaping the log file content when viewed via Monit GUI.

CVE-2019-11455
     A buffer overrun vulnerability has been reported in URL decoding.


For Debian 8 "Jessie", these problems have been fixed in version
1:5.9-1+deb8u2.

We recommend that you upgrade your monit packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlzDeclfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEekiBAAq/I3xhfnKwESsSitsjVoCeKZx50HcmGx/xfU6OztQJsi12RwaO9/OtJ4
1cxl1fODM10zBGXb/srOAu1CLXJUVdFfMX5FMoF3mVb+IU1YZMO3yy4sxfKSsQzq
BLf8u3g5+utrAvZDhaeru0eCU4xJ7wEUbKdtcmlgWI9qBxGEBo9mR4YNCAAt5IqQ
ogerxgHKprNkL0ovVD04pusJx8BZGR8zxtuNgV36rV5uOz2WC75o7+qxJwIDVz7c
30yvHG2Jflr8qTfxJVNiJ90TNBv0JwSAyTWl1k0MMi0iU5HROYGH0ZKZR6zTByGB
3Mk8q+YR5f01F4HMkjHYr2Vqj+0JZTUr7tDf5BwmyIXAN0Dq2fCHBK/eLGMQ5jWE
AkOqh7DOVZR4DwG/EMQpwtz8rmpGCWJBQGiWfp06JDNh/2hYmM+mc8wlam5nTswD
4w33P7egQpRXyhpOF15qiRsu6r1675xA0r7jMnUxc1rXt4sHsv1WeVJapRIra6Ad
5FrUVxDl1Kfo4Si6ZmfGsAJavsqhBK2miEAZhIOSzhNXwoGUvgjln+PjUFti3Bv5
IR3zeU/GADSnrgwgB/uSw/C07LjD6aLNg8tho/7SPPfiu/CrTdMkBPAcoHL3VlgA
m7IGu3P6p7jW8lMwGZe5E82zkHlEhbYg1RXq4k8DcwnQ87KTwBk=
=O73F
-----END PGP SIGNATURE-----
Reply to: