Sicherheit: Cross-Site Scripting in Monitorix
Aktuelle Meldungen Distributionen
Name: Cross-Site Scripting in Monitorix
ID: FEDORA-2015-12813acfa3
Distribution: Fedora
Plattformen: Fedora 22
Datum: Do, 19. November 2015, 14:33
Referenzen: https://bugzilla.redhat.com/show_bug.cgi?id=1281979
Applikationen: Monitorix


Name        : monitorix
Product : Fedora 22
Version : 3.8.1
Release : 1.fc22
URL : http://www.monitorix.org
Summary : A free, open source, lightweight system monitoring tool
Description :
Monitorix is a free, open source, lightweight system monitoring tool designed
to monitor as many services and system resources as possible. It has been
created to be used under production Linux/UNIX servers, but due to its
simplicity and small size may also be used on embedded devices as well.

Update Information:

This is a maintenance release that mainly fixes a Document Object Model
(DOM)-based cross-site scripting (XSS) vulnerability in the monitorix.cgi file.
Such vulnerability is by injection a JS code in the when parameter of the URL
shown after generating the graphs. Additionally, a potential denial of service
(DoS) issue was discovered in the same when parameter of the URL which could
lead in the creation of an enormous amount of .png files in the imgs directory
of the server.

[ 1 ] Bug #1281979 - monitorix-3.8.1 is available

This update can be installed with the "yum" update program. Use
su -c 'yum update monitorix' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Pro-Linux @Facebook
Neue Nachrichten