Bug 10146

Summary: monit packages fix security vulnerabilities (CVE-2019-11455)
Product: [ROSA-based products] ROSA Fresh
Reporter: Zombie Ryushu <zombie.ryushu>
Component: Contributed Packages
Assignee: ROSA Linux Bugs <bugs>
Status: RESOLVED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: normal
Priority: Normal
CC: alzim, andrey.bondrov, denis.silakov, mc2374
Version: All
Target Milestone: ---
Hardware: All
OS: Linux
URL: https://advisories.mageia.org/MGASA-2019-0246.html
Whiteboard:
Platform: ---
ROSA Vulnerability identifier: CVE-2019-11455
RPM Package: monit
ISO-related:
Bad POT generating:
Upstream:

Description Zombie Ryushu 2019-09-10 08:36:17 MSK
Updated monit package fixes security vulnerabilities:

Zack Flack discovered that Monit incorrectly handled certain input.
A remote authenticated user could exploit this to conduct cross-site
scripting (XSS) attacks (CVE-2019-11454).

Zack Flack discovered a buffer overread when Monit decoded certain crafted
URLs. An attacker could exploit this to leak potentially sensitive
information (CVE-2019-11455).

Comment 1 Andrey Bondrov 2019-09-10 16:32:00 MSK
Done, both are fixed with update to new version 5.26.0.