Debian 10260 Published by

A monit security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address an issue where users with disabled accounts but with a valid password can login.



ELA-906-1 monit security update

Package : monit
Version : 1:5.9-1+deb8u3 (jessie), 1:5.20.0-6+deb9u3 (stretch)

Related CVEs :
CVE-2022-26563

Youssef Rebahi-Gilbert discovered that users with disabled accounts but with a
valid password can login to Monit, a utility for monitoring and managing
daemons or similar programs, due to a flaw in the PAM authentication check.

ELA-906-1 monit security update