USN-4860-1: Monit vulnerabilities
15 March 2021
Several security issues were fixed in Monit.
Releases
Packages
- monit - utility for monitoring and managing daemons or similar programs
Details
Zack Flack discovered that Monit incorrectly handled certain input. A
remote authenticated user could exploit this to conduct cross-site
scripting (XSS) attacks. (CVE-2019-11454)
Zack Flack discovered a buffer overread when Monit decoded certain crafted
URLs. An attacker could exploit this to potentially leak sensitive
information. (CVE-2019-11455)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
monit
-
1:5.25.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
monit
-
1:5.16-2ubuntu0.2+esm1
Available with Ubuntu Pro
Ubuntu 14.04
-
monit
-
1:5.6-2ubuntu0.1+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.