Security: Cross-Site Scripting in Monitorix
Name: Cross-Site Scripting in Monitorix
ID: FEDORA-2015-12813acfa3
Distribution: Fedora
Platforms: Fedora 22
Date: Thu, 19 November 2015, 14:33
References: https://bugzilla.redhat.com/show_bug.cgi?id=1281979
Applications: Monitorix

Original message
Name        : monitorix
Product     : Fedora 22
Version     : 3.8.1
Release     : 1.fc22
URL         : http://www.monitorix.org
Summary     : A free, open source, lightweight system monitoring tool
Description :
Monitorix is a free, open source, lightweight system monitoring tool designed to monitor as many services and system resources as possible. It has been created to be used under production Linux/UNIX servers, but due to its simplicity and small size may also be used on embedded devices as well.

--------------------------------------------------------------------------------
Update Information:

This is a maintenance release that mainly fixes a Document Object Model (DOM)-based cross-site scripting (XSS) vulnerability in the monitorix.cgi file. The vulnerability is exploitable by injecting JS code into the when parameter of the URL shown after generating the graphs. Additionally, a potential denial of service (DoS) issue was discovered in the same when parameter of the URL which could lead to the creation of an enormous amount of .png files in the imgs directory of the server.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1281979 - monitorix-3.8.1 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1281979
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update monitorix' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
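
Both issues in the advisory go through the when parameter of monitorix.cgi, so web server access logs can be reviewed for them. The following is an added example, not part of the advisory or of Monitorix: it flags when values that do not look like a time span and clients that cycle through many distinct values. The VALID_WHEN pattern, the threshold, the URL path and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate values are a short count plus a unit, e.g. "1day".
VALID_WHEN = re.compile(r"[0-9]{1,3}(hour|day|week|month|year)")
# Combined Log Format: only the client address and request target are used.
LOG_LINE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (?P<target>\S+) [^"]*"')
MAX_DISTINCT_WHEN = 3  # assumed per-client threshold, tune to your site


def audit(lines, max_distinct=MAX_DISTINCT_WHEN):
    """Return (malformed, noisy): bad `when` values and clients cycling values."""
    malformed, seen = [], defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/monitorix.cgi"):
            continue
        # parse_qs percent-decodes, so encoded markup is checked in decoded form.
        for value in parse_qs(url.query, keep_blank_values=True).get("when", []):
            seen[m.group("client")].add(value)
            if not VALID_WHEN.fullmatch(value):
                malformed.append((m.group("client"), value))
    # Many distinct values from one client match the .png flooding pattern.
    noisy = sorted(c for c, vals in seen.items() if len(vals) > max_distinct)
    return malformed, noisy


# Constructed sample log lines (documentation addresses, assumed URL path).
BASE = "/monitorix-cgi/monitorix.cgi?mode=localhost&graph=all&when="
SAMPLE = [
    f'192.0.2.10 - - [19/Nov/2015:14:00:01 +0000] "GET {BASE}1day HTTP/1.1" 200 5120',
    f'203.0.113.5 - - [19/Nov/2015:14:00:09 +0000] "GET {BASE}1day%22%3E%3Cb%3E HTTP/1.1" 200 5120',
] + [
    f'198.51.100.7 - - [19/Nov/2015:14:01:{n:02d} +0000] "GET {BASE}{n}day HTTP/1.1" 200 5120'
    for n in range(1, 6)
]

if __name__ == "__main__":
    bad, noisy = audit(SAMPLE)
    for client, value in bad:
        print(f"malformed when from {client}: {value!r}")
    for client in noisy:
        print(f"{client} requested more than {MAX_DISTINCT_WHEN} distinct when values")
```

Hits from before the update to 3.8.1 are worth comparing against the number and age of .png files in the imgs directory.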