openSUSE Security Update : monit (openSUSE-2016-1339) (POODLE)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for monit fixes the following issues :

- CVE-2016-7067: An attacker could have used a cross-site request forgery vulnerability to trick an authenticated user into performing monit actions.

Monit was updated to 5.20, containing all upstream improvements and
bug fixes.

The following tracked packaging bugs were fixed :

- Disabled SSLv3 according to RFC 7568 (boo#974763)

- Fixed the PID file directory (boo#971647)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1007455
https://bugzilla.opensuse.org/show_bug.cgi?id=971647
https://bugzilla.opensuse.org/show_bug.cgi?id=974763

Solution :

Update the affected monit packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Family: SuSE Local Security Checks

Nessus Plugin ID: 95272

Bugtraq ID:

CVE ID: CVE-2014-3566
CVE-2016-7067
