Overview

File _patchinfo of Package patchinfo.5861

<patchinfo incident="5861">
  <issue id="971647" tracker="bnc">monit pid file directory not set properly</issue>
  <issue id="974763" tracker="bnc">Disable SSLv3 in Monit</issue>
  <issue id="1007455" tracker="bnc">VUL-0: CVE-2016-7067: monit: CSRF vulnerability</issue>
  <issue id="2016-7067" tracker="cve" />
  <issue id="2014-3566" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>dliedke</packager>
  <description>This update for monit fixes the following issues:

- CVE-2016-7067: A malicious attacker could have used a cross-site request forgery
                 vulnerability to trick an authenticated user to perform monit
                 actions.

Monit was updated to 5.20, containing all upstream improvements and bug fixes.

The following tracked packaging bugs were fixed:

- disable sslv3 according to RFC7568 (boo#974763)
- fixed pid file directory (boo#971647)
</description>
  <summary>Security update for monit</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places