Re: [Monitorix-general] Monitorix 3.10.1 released

Thu, 15 Mar 2018 02:50:07 -0700 

Hello Paco,
Since Monitorix is not in the official repositories of Ubuntu/Debian, no one is caring about the update of Monitorix. Instead you will have to wait until Izzy (Andreas Itzchak Rehberg) will update his own repository <http://apt.izzysoft.de/ubuntu/dists/generic/>. 


I'm currently pushing Monitorix 3.10.1 into stable repositories of 
Fedora and EPEL (CentOS and Red Hat), and probably others will start 
doing the same as package maintainers of their Linux distributions.



Izzy, is a very friendly person, so don't hesitate to send him an email 
and asking him anything related to that.


Regards.


On 03/15/2018 10:37 AM, FJ Almena wrote:

Hi there.

I am using monitorix on ubuntu 16 and do this:

service monitorix stop

apt-get update

apt-get upgrade

but nothing happens.

Currently running (3.10.0-izzy1)

Is is explained how to upgrade http://www.monitorix.org/faq.html#Q106

but for Ubuntu?

What am I missing?

Please advise.

Thanks,

Paco

On 15/03/2018 09:48, Jordi Sanfeliu wrote:


Monitorix 3.10.1 has been released!


Prior Monitorix versions are vulnerable to cross-site scripting (XSS), 
caused by improper validation of user-supplied input by the 
monitorix.cgi file. A remote attacker could exploit this vulnerability 
using some of the arguments provided (graph= or when=) in a 
specially-crafted URL to execute script in a victim's Web browser 
within the security context of the hosting Web site, once the URL is 
clicked. An attacker could use this vulnerability to steal the 
victim's cookie-based authentication credentials.



I would like to thank Sebastian Gilon from TestArmy for reporting that 
issue.


The rest of bugs fixed are, as always, reflected in the Changes file.


All users still using older versions are advised and encouraged to 
upgrade to this version, which resolves this security issue.


Regards.





--
Jordi Sanfeliu
FIBRANET Network Services Provider
http://www.fibranet.cat

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Monitorix-general mailing list
Monitorix-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/monitorix-general






















					Reply via email to