Update monit from 5.31 to 5.32 for security Reasons in 22.04
Bug #1969679 reported by
KaeTuuN
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| monit (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
First of all: I'm not familiar with the update Process for Ubuntu, but this Update looks important to me:
"Fixed: PAM authentication: Users with a valid password for a disabled account could still login to Monit. Thanks to Youssef Rebahi-Gilbert."
-> since you can Start/Stop monitored Services here it could have a big impact, if a disabled User is still able to perform this tasks.
Fixed: The Monit HTTP interface could be blocked by sending a request with an infinite stream of HTTP headers. Thanks to Youssef Rebahi-Gilbert for report.
-> This makes monit unavailable and Admins will be nearly blind on the monitoring Front.
Source: https:/
Greetings
Revision history for this message
| Seth Arnold (seth-arnold) wrote | #1 |
| tags: | added: community-security |
| information type: | Private Security → Public Security |
To post a comment you must log in.
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https:/