Sicherheit: Mangelnde Rechteprüfung in monitorix
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in monitorix
ID: FEDORA-2021-5f7da70bfe
Distribution: Fedora
Plattformen: Fedora 33
Datum: Fr, 5. Februar 2021, 07:12
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3325
Applikationen: Monitorix


Fedora Update Notification
2021-02-05 01:57:58.090629

Name : monitorix
Product : Fedora 33
Version : 3.13.1
Release : 1.fc33
URL : http://www.monitorix.org
Summary : A free, open source, lightweight system monitoring tool
Description :
Monitorix is a free, open source and lightweight system monitoring tool
designed to monitor as many services and system resources as possible. It has
been created to be used under production Linux/UNIX servers, but due to its
simplicity and small size may also be used on embedded devices as well.

Update Information:

Security fix for [CVE-2021-3325]. This new version fixes a security bug
introduced in the 3.13.0 version that lead the HTTP built-in server to bypass
the Basic Authentication when the option hosts_deny is not defined, which is
default. Besides this fix, this version also updates the main configuration
file to add the option hosts_deny = all by default inside the auth subsection,
in an attempt to make the default behaviour more clear. All users using the
3.13.0 version are advised and encouraged to upgrade to this new version, which
resolves the security issue. ---- This new version introduces three new
modules: the long-awaited pgsql.pm capable of monitoring up to 9 databases of
unlimited number of PostgreSQL servers, the redis.pm and tinyproxy.pm which are
both also capable of monitoring an unlimited number of Redis and Tinyproxy
servers respectively. This version also includes some interesting new
The new CSS theming support will allow people to create their own color themes.
The new support for the ss command in port.pm and nginx.pm modules. The ability
to map the device names and also to include a title name in disk.pm module. The
new stacked visualization of network stats available on a number of modules,
more. Also with this new version, Monitorix is able to be executed as a
user instead of root. This is of course subject to the capabilities of each
module to get statistics without using the superuser. The rest of new
changes and bugs fixed are, as always, reflected in the Changes file.

* Wed Jan 27 2021 Jordi Sanfeliu <jordi@fibranet.cat> - 3.13.1-1
- Updated to 3.13.1.
* Fri Jan 22 2021 Jordi Sanfeliu <jordi@fibranet.cat> - 3.13.0-1
- Updated to 3.13.0.

[ 1 ] Bug #1920998 - monitorix-3.13.1 is available
[ 2 ] Bug #1921333 - CVE-2021-3325 monitorix: Basic Authentication bypass in
a default installatio [fedora-all]

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-5f7da70bfe' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Pro-Linux @Facebook
Neue Nachrichten