ELA-906-1 monit security update

authentication bypass

2023-07-30
Package: monit
Version: 1:5.9-1+deb8u3 (jessie), 1:5.20.0-6+deb9u3 (stretch)
Related CVEs: CVE-2022-26563


Youssef Rebahi-Gilbert discovered that users with disabled accounts but with a valid password can log in to Monit, a utility for monitoring and managing daemons or similar programs, due to a flaw in the PAM authentication check.



For Debian 8 jessie, this problem has been fixed in version 1:5.9-1+deb8u3.

For Debian 9 stretch, this problem has been fixed in version 1:5.20.0-6+deb9u3.

We recommend that you upgrade your monit packages.
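To confirm that a host carries the fixed package, the following script compares a monit version against the fixed versions listed above. It is an added example, not part of the advisory; the function names are hypothetical, and it assumes `dpkg`/`dpkg-query` are available and that `/etc/os-release` provides `VERSION_ID` (8 for jessie, 9 for stretch).

```shell
#!/bin/sh
# Added example: check a monit package version against this advisory's fixes.
# Function names are hypothetical; fixed versions are taken from the advisory.

fixed_version_for() {
    case "$1" in
        jessie)  echo '1:5.9-1+deb8u3' ;;
        stretch) echo '1:5.20.0-6+deb9u3' ;;
        *)       return 1 ;;
    esac
}

# monit_status RELEASE VERSION
# Prints fixed, vulnerable or unknown-release; returns 0 only when fixed.
monit_status() {
    fixed=$(fixed_version_for "$1") || { echo unknown-release; return 2; }
    # dpkg applies Debian ordering rules (epoch, upstream, revision).
    if dpkg --compare-versions "$2" ge "$fixed"; then
        echo fixed
    else
        echo vulnerable
        return 1
    fi
}

# check_local: evaluate the monit package installed on this host.
check_local() {
    installed=$(dpkg-query -W -f='${Version}' monit 2>/dev/null) || installed=
    if [ -z "$installed" ]; then
        echo 'monit: not installed'
        return 0
    fi
    # Assumption: VERSION_ID is "8" on jessie and "9" on stretch.
    version_id=$(. /etc/os-release 2>/dev/null; echo "${VERSION_ID:-}")
    case "$version_id" in
        8) release=jessie ;;
        9) release=stretch ;;
        *) release=other ;;
    esac
    status=$(monit_status "$release" "$installed") && rc=0 || rc=$?
    echo "monit $installed on $release: $status"
    return "$rc"
}

# Run the host check only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--local" ]; then
    check_local
fi
```

Run it with `--local` on the host, or call `monit_status` with a release name and a version string taken from an inventory export.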

Further information about Extended LTS security advisories can be found in the dedicated section of our website.