Sicherheit: Cross-Site Scripting in Monitorix
Aktuelle Meldungen Distributionen
Name: Cross-Site Scripting in Monitorix
ID: FEDORA-2015-b6b8582f4e
Distribution: Fedora
Plattformen: Fedora 23
Datum: Do, 19. November 2015, 14:33
Referenzen: https://bugzilla.redhat.com/show_bug.cgi?id=1281979
Applikationen: Monitorix


Name        : monitorix
Product : Fedora 23
Version : 3.8.1
Release : 1.fc23
URL : http://www.monitorix.org
Summary : A free, open source, lightweight system monitoring tool
Description :
Monitorix is a free, open source, lightweight system monitoring tool designed
to monitor as many services and system resources as possible. It has been
created to be used under production Linux/UNIX servers, but due to its
simplicity and small size may also be used on embedded devices as well.

Update Information:

This is a maintenance release that mainly fixes a Document Object Model
(DOM)-based cross-site scripting (XSS) vulnerability in the monitorix.cgi file.
Such vulnerability is by injection a JS code in the when parameter of the URL
shown after generating the graphs. Additionally, a potential denial of service
(DoS) issue was discovered in the same when parameter of the URL which could
lead in the creation of an enormous amount of .png files in the imgs directory
of the server.

[ 1 ] Bug #1281979 - monitorix-3.8.1 is available

This update can be installed with the "yum" update program. Use
su -c 'yum update monitorix' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Pro-Linux @Facebook
Neue Nachrichten