
Bug 43967

Summary: Security flaw : please upgrade monit ASAP
Product: Gentoo Security
Reporter: Jedi/Sector One <gentoo>
Component: GLSA Errors
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: critical
CC: pYrania
Priority: High
Flags: klieber: Assigned_To? (aescriva)
Version: unspecified   
Hardware: All   
OS: All   
URL: http://www.tildeslash.com/monit/
Whiteboard:
Package list:
Runtime testing required: ---

Description Jedi/Sector One 2004-03-07 09:59:18 UTC
There's a remotely exploitable vulnerability in Monit < 4.1.1.
Current stable and unstable versions in the portage tree are vulnerable.
Please upgrade Monit to 4.1.1 ASAP.
Bumping the version number in the ebuild is enough, I've been extensively testing it.
Comment 1 Kurt Lieber (RETIRED) gentoo-dev 2004-03-30 00:16:55 UTC
http://www.tildeslash.com/monit/secadv_20031121.txt contains the vuln. posting.

Markus -- 4.2 is ~masked in portage.  Can you see if we can bump that to stable?

The only arch that 4.1 is even keyworded for is x86, so we don't need to worry about other arches for this particular bug.
Comment 2 Kurt Lieber (RETIRED) gentoo-dev 2004-03-30 00:18:53 UTC
Aida -- can you draft a GLSA for this one?
Comment 3 Aida Escriva-Sammer (RETIRED) gentoo-dev 2004-03-30 04:38:54 UTC
GLSA in progress. 
Comment 4 Markus Nigbur (RETIRED) gentoo-dev 2004-03-30 13:10:18 UTC
4.2 marked stable on x86. Should run without any issues, else blame me.
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2004-04-01 07:04:52 UTC
GLSA 200403-14 sent
Closing.