Fedora 14 : monotone-0.48.1-1.fc14 (2010-16888)
Medium Nessus Plugin ID 50506
Synopsis
The remote Fedora host is missing a security update.
Description
Update to monotone-0.48.1, which contains a fix for a DoS:
Running 'mtn ' or 'mtn ls ' doesn't cause an internal error anymore. In monotone 0.48 and earlier this behavior could be used to crash a server remotely (but only if it was configured to allow execution of remote commands). Therefore everyone running such a server should update as soon as possible.
There's also a fix for a non-critical issue:
Using mtn:// style URIs for netsync operations didn't work with 0.48 on systems which only have a 'monotone' entry in /etc/services.
Failing to find a corresponding entry for the schema in a given URI is no longer considered fatal; instead, mtn falls back to its default port.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected monotone package.