[SECURITY] [DLA 732-2] monit regression update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : monit
Version : 1:5.4-2+deb7u2
CVE ID : CVE-2016-7067
Debian Bug : 847196
The update for monit issued as DLA-732-1 causes monit to segfault at
actions such as start/stop/restart. This update fixes the regression.
For reference the original advisory text follows.
Adith Sudhakar discovered a cross-site request forgery (CSRF) issue in
monit, a utility for monitoring hosts and services. An attacker could
cause an authenticated admin to change monitoring for hosts/services
through a forged link. This update fixes the vulnerability by adding
CSRF protection via a security token and enforced POST requests for
actions that cause changes to the monitoring.
For Debian 7 "Wheezy", these problems have been fixed in version
1:5.4-2+deb7u2.
We recommend that you upgrade your monit packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- --
Jonas Meurer
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAlhGyocQHG1lam9AZGVi
aWFuLm9yZwAKCRBSYuf/SRBJ/qpnEACDEDjAISM4VIqu/CkHmKUXwIFUbhIeOJZV
02nxdEcLU5aVCScjsCTe8zCnvGPjQHNK4Jz8ToJQPeayOXs53L4OHsbg+nHKzF0x
syaWDDmoR3vCnQ5/IPoKZa65UnXDak6/ygWCSZtvLDIuUNRpMlgwPL+rgQ7rYVzG
UD9i1h5vA3N6A3wGyKKd5eqpjIh5Yi9e0Rp3/JKjbfMRP3iTGOZ+fu6ztpFK3eZu
p1mT2sad9ndddhHcOQ7U2LXROtVwEHfYs/DFhH1fCMfZRm5cBd9nlmHx/YMNgNXN
EzoyaY4iOPiSeuF6Cnw4VZEG425QYamr1xSVply7IoZpNI1LWdb3rThTDpz5esxJ
R9GaYzFl9aHbsZxLueFwtDt+qYRac/L+fKKq9J8U+/EDFZvoPIMtJHtV3FvyX3BR
YnNTMhS5dEPzGnps55MBzMXXoBJMmLQbAhmFg4l7Bbb+08jrfA/2RswFy5txLcF0
Si/V9iQQ3l6MO4gWOzlovrqpLHqyUT3ynDIGdHSFfVLniU6D/N400w/nY+bR+N6i
Hd4qdIrakyDqau1g6xXQeKyxnbXtH47RLRo+mtanOHdFCmgAZ3QN+xsSpJB2E4ET
ThVQxAlmgRYtW0c2+mQpe0mhxKbiIxia2zVg0utxmv6Xto5YEmahbQOac4QQURcz
ItdQvMOiWw==
=BMVh
-----END PGP SIGNATURE-----
Reply to: