Bug 679808 (CVE-2019-1010311, CVE-2019-1010312)

Summary:	<app-admin/monit-5.25.3: Multiple vulnerabilities (use after free, buffer overread, XSS)
Product:	Gentoo Security	Reporter:	Hanno Böck <hanno>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	patrick, sam
Priority:	Normal	Flags:	stable-bot: sanity-check+
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://mmonit.com/monit/changes/
Whiteboard:	B3 [noglsa]
Package list:	app-admin/monit-5.25.3	Runtime testing required:	---

Description Hanno Böck gentoo-dev

2019-03-08 20:16:24 UTC

The release notes for 5.25.3 mention two security issues:
https://mmonit.com/monit/changes/

 Fixed: XSS vulnerabilitty: HTML escape the log file content when viewed via Monit GUI. Thanks to Zack Flack for report.
Fixed: Buffer over-read vulnerability in URL decoding for specially crafted URLs. Thanks to Zack Flack for report. 

Furthermore there's a use after free bug fixed that I reported a while ago:
https://bitbucket.org/tildeslash/monit/issues/764

5.25.3 is already in the tree, but not stabilized yet.

Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev

2019-03-08 20:59:45 UTC

So let's stabilize...

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2019-03-09 19:20:06 UTC

x86 stable

Comment 3 Mikle Kolyada (RETIRED) archtester

2019-03-10 13:43:44 UTC

amd64 stable

Comment 4 ernsteiswuerfel archtester

2019-03-14 15:55:37 UTC

Looking good on ppc.

# cat monit-679808.report 
USE tests started on Do 14. Mär 16:40:46 CET 2019

FEATURES=' test' USE='' succeeded for =app-admin/monit-5.25.3
USE='-ipv6 -libressl -pam -ssl' succeeded for =app-admin/monit-5.25.3
USE='ipv6 -libressl -pam -ssl' succeeded for =app-admin/monit-5.25.3
USE='ipv6 libressl -pam -ssl' succeeded for =app-admin/monit-5.25.3
USE='-ipv6 -libressl pam -ssl' succeeded for =app-admin/monit-5.25.3
USE='ipv6 -libressl pam -ssl' succeeded for =app-admin/monit-5.25.3
USE='ipv6 libressl pam -ssl' succeeded for =app-admin/monit-5.25.3
USE='ipv6 -libressl -pam ssl' succeeded for =app-admin/monit-5.25.3
USE='ipv6 libressl -pam ssl' : blocked packages (probably) for =app-admin/monit-5.25.3
USE='-ipv6 -libressl pam ssl' succeeded for =app-admin/monit-5.25.3
USE='ipv6 -libressl pam ssl' succeeded for =app-admin/monit-5.25.3
USE='-ipv6 libressl pam ssl' : blocked packages (probably) for =app-admin/monit-5.25.3
USE='ipv6 libressl pam ssl' : blocked packages (probably) for =app-admin/monit-5.25.3

Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev

2019-03-16 19:40:05 UTC

ppc stable thanks to ernsteiswuerfel \o/

Comment 6 Aaron Bauman (RETIRED) gentoo-dev

2019-03-20 14:06:56 UTC

Please clean vulnerable.

Comment 7 Larry the Git Cow gentoo-dev

2019-04-09 05:21:52 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe5b8b3986e2260e658318eb2b368d17710674b6

commit fe5b8b3986e2260e658318eb2b368d17710674b6
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-04-09 05:21:36 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-04-09 05:21:36 +0000

    app-admin/monit: Security cleanup
    
    Bug: https://bugs.gentoo.org/679808
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 app-admin/monit/Manifest               |  2 --
 app-admin/monit/monit-5.25.1.ebuild    | 51 ------------------------------
 app-admin/monit/monit-5.25.2-r1.ebuild | 58 ----------------------------------
 3 files changed, 111 deletions(-)

Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev

2020-03-02 23:06:46 UTC

*** Bug 711216 has been marked as a duplicate of this bug. ***