Ubuntu has issued an advisory on May 8:
https://usn.ubuntu.com/3971-1/

The issues are fixed upstream in 5.25.3.
Done for mga6!
Advisory:
========================

Updated monit package fixes security vulnerabilities:

Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting (XSS) attacks (CVE-2019-11454).

Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to leak potentially sensitive information (CVE-2019-11455).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11455
https://usn.ubuntu.com/3971-1/
========================

Updated packages in core/updates_testing:
========================
monit-5.25.3-1.1.mga6

from monit-5.25.3-1.1.mga6.src.rpm
CC: (none) => geiger.david68210
Assignee: geiger.david68210 => qa-bugs
MGA6-64 Plasma on Lenovo B50
No installation issues.
Followed the advice of configuring a local .monitrc file as per bug 24049 Comment 4, then followed the test exactly as per bug 24049 Comment 7. I will not repeat all operations here as they are all exactly the same (apart from the pid number).
OK for me.
Whiteboard: (none) => MGA6-64-OK
CC: (none) => herman.viaene
Validating. Advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0246.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED