Description
Security update for monit
This update for monit fixes the following issues:
- CVE-2016-7067: An attacker could have used a cross-site request forgery vulnerability to trick an authenticated user into performing monit actions.
Monit was updated to 5.20, containing all upstream improvements and bug fixes.
The following tracked packaging bugs were fixed:
- disable sslv3 according to RFC7568 (boo#974763)
- fixed pid file directory (boo#971647)
Package list
openSUSE Leap 42.1
monit-5.20.0-13.1
monit-doc-5.20.0-13.1
openSUSE Leap 42.2
monit-5.20.0-13.1
monit-doc-5.20.0-13.1
References
- E-Mail link for openSUSE-SU-2016:2877-1
- SUSE Security Ratings
Description
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Affected products
openSUSE Leap 42.1:monit-5.20.0-13.1
openSUSE Leap 42.1:monit-doc-5.20.0-13.1
openSUSE Leap 42.2:monit-5.20.0-13.1
openSUSE Leap 42.2:monit-doc-5.20.0-13.1
References
- CVE-2014-3566
- SUSE Bug 1011293
- SUSE Bug 1031023
- SUSE Bug 901223
- SUSE Bug 901254
- SUSE Bug 901277
- SUSE Bug 901748
- SUSE Bug 901757
- SUSE Bug 901759
- SUSE Bug 901889
- SUSE Bug 901968
- SUSE Bug 902229
- SUSE Bug 902476
- SUSE Bug 902912
- SUSE Bug 903405
- SUSE Bug 903684
- SUSE Bug 903690
- SUSE Bug 903692
- SUSE Bug 904889
- SUSE Bug 905106
Description
Monit before version 5.20.0 is vulnerable to a cross-site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.
Affected products
openSUSE Leap 42.1:monit-5.20.0-13.1
openSUSE Leap 42.1:monit-doc-5.20.0-13.1
openSUSE Leap 42.2:monit-5.20.0-13.1
openSUSE Leap 42.2:monit-doc-5.20.0-13.1
References
- CVE-2016-7067
- SUSE Bug 1007455