[SECURITY] Fedora 23 Update: monitorix-3.8.1-1.fc23

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 19 10:04:32 UTC 2015 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-b6b8582f4e
2015-11-19 08:18:45.206738
--------------------------------------------------------------------------------

Name        : monitorix
Product     : Fedora 23
Version     : 3.8.1
Release     : 1.fc23
URL         : http://www.monitorix.org
Summary     : A free, open source, lightweight system monitoring tool
Description :
Monitorix is a free, open source, lightweight system monitoring tool designed
to monitor as many services and system resources as possible. It has been
created to be used under production Linux/UNIX servers, but due to its
simplicity and small size may also be used on embedded devices as well.

--------------------------------------------------------------------------------
Update Information:

This is a maintenance release that mainly fixes a Document Object Model
(DOM)-based cross-site scripting (XSS) vulnerability in the monitorix.cgi file.
Such vulnerability is by injection a JS code in the when parameter of the URL
shown after generating the graphs. Additionally, a potential denial of service
(DoS) issue was discovered in the same when parameter of the URL which could
lead in the creation of an enormous amount of .png files in the imgs directory
of the server.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1281979 - monitorix-3.8.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1281979
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update monitorix' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list