-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : monit Version : 1:5.4-2+deb7u2 CVE ID : CVE-2016-7067 Debian Bug : 847196
The update for monit issued as DLA-732-1 causes monit to segfault at actions such as start/stop/restart. This update fixes the regression. For reference the original advisory text follows. Adith Sudhakar discovered a cross-site request forgery (CSRF) issue in monit, a utility for monitoring hosts and services. An attacker could cause an authenticated admin to change monitoring for hosts/services through a forged link. This update fixes the vulnerability by adding CSRF protection via a security token and enforced POST requests for actions that cause changes to the monitoring. For Debian 7 "Wheezy", these problems have been fixed in version 1:5.4-2+deb7u2. We recommend that you upgrade your monit packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAlhGyocQHG1lam9AZGVi aWFuLm9yZwAKCRBSYuf/SRBJ/qpnEACDEDjAISM4VIqu/CkHmKUXwIFUbhIeOJZV 02nxdEcLU5aVCScjsCTe8zCnvGPjQHNK4Jz8ToJQPeayOXs53L4OHsbg+nHKzF0x syaWDDmoR3vCnQ5/IPoKZa65UnXDak6/ygWCSZtvLDIuUNRpMlgwPL+rgQ7rYVzG UD9i1h5vA3N6A3wGyKKd5eqpjIh5Yi9e0Rp3/JKjbfMRP3iTGOZ+fu6ztpFK3eZu p1mT2sad9ndddhHcOQ7U2LXROtVwEHfYs/DFhH1fCMfZRm5cBd9nlmHx/YMNgNXN EzoyaY4iOPiSeuF6Cnw4VZEG425QYamr1xSVply7IoZpNI1LWdb3rThTDpz5esxJ R9GaYzFl9aHbsZxLueFwtDt+qYRac/L+fKKq9J8U+/EDFZvoPIMtJHtV3FvyX3BR YnNTMhS5dEPzGnps55MBzMXXoBJMmLQbAhmFg4l7Bbb+08jrfA/2RswFy5txLcF0 Si/V9iQQ3l6MO4gWOzlovrqpLHqyUT3ynDIGdHSFfVLniU6D/N400w/nY+bR+N6i Hd4qdIrakyDqau1g6xXQeKyxnbXtH47RLRo+mtanOHdFCmgAZ3QN+xsSpJB2E4ET ThVQxAlmgRYtW0c2+mQpe0mhxKbiIxia2zVg0utxmv6Xto5YEmahbQOac4QQURcz ItdQvMOiWw== =BMVh -----END PGP SIGNATURE-----