43967 – Security flaw : please upgrade monit ASAP

Bug 43967 - Security flaw : please upgrade monit ASAP

Summary: Security flaw : please upgrade monit ASAP

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	GLSA Errors (show other bugs)
Hardware:	All All

Importance:	High critical (vote)
Assignee:	Gentoo Security

URL:	http://www.tildeslash.com/monit/
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-03-07 09:59 UTC by Jedi/Sector One
Modified:	2004-04-01 07:04 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Flags:	klieber: Assigned_To? (aescriva)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jedi/Sector One 2004-03-07 09:59:18 UTC

There's a remotely exploitable vulnerability in Monit < 4.1.1 .
Current stable and unstable versions in the portage tree are vulnerable.
Please upgrade Monit to 4.1.1 ASAP.
Bumping the version number in the ebuild is enough, I've been extensively testing it.

Comment 1 Kurt Lieber (RETIRED) gentoo-dev

2004-03-30 00:16:55 UTC

http://www.tildeslash.com/monit/secadv_20031121.txt contains the vuln. posting.

Markus -- 4.2 is ~masked in portage.  Can you see if we can bump that to stable?

The only arch that 4.1 is even keyworded for is x86, so we don't need to worry about other arches for this particular bug.

Comment 2 Kurt Lieber (RETIRED) gentoo-dev

2004-03-30 00:18:53 UTC

Aida -- can you draft a GLSA for this one?

Comment 3 Aida Escriva-Sammer (RETIRED) gentoo-dev

2004-03-30 04:38:54 UTC

GLSA in progress.

Comment 4 Markus Nigbur (RETIRED) gentoo-dev

2004-03-30 13:10:18 UTC

4.2 marked stbale on x86. Should run without any issues, else blame me.

Comment 5 Thierry Carrez (RETIRED) gentoo-dev

2004-04-01 07:04:52 UTC

GLSA 200403-14 sent
Closing.