[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: security advisory - which release?

From: Jan-Henrik Haukeland
Subject: Re: security advisory - which release?
Date: Sat, 10 Apr 2004 23:14:45 +0200
User-agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.4 (Reasonable Discussion, linux)

Rick Robino <address@hidden> writes:

> Just noticed the security advisory, been pretty busy for a while here
> -
> I must have missed which release(s) the advisory applies to?  Just 4.2
> or earlier ones as well?  TIA.

Unfortunately earlier ones also (see the CHANGE log). All known
vulnerabilities are plugged in the current 4.2.1 release and you
should upgrade to this version.  It may be that some 3.x releases does
not have the Basic Auth. bug but they still have other vulnerabilities.
The safest is to upgrade to 4.2.1 which is the most hardened release
to date.

To be on the safe side (although I think it's safe now) you should
only run monit http bound to the loopback interface (so it's only
reachable from localhost) or run monit behind a firewall or simply
turn off the http interface although this reduce functional
interaction with monit.

Jan-Henrik Haukeland

reply via email to

[Prev in Thread] Current Thread [Next in Thread]