Running 'monit restart all' on command line gives an error 'Invalid action “action=restart”' Ubuntu 16.04.4
Issue #766
closed
https://bugs.launchpad.net/ubuntu/+source/monit/+bug/1786910
(Is this fixed in a later version that hasn't been released for
Running 'monit restart all' on command line was working yesterday 13.8.2018 but after latest security patch was installed it gives an error 'Invalid action “action=restart”' Ubuntu 16.04.4 LTS monit: Installed: 1:5.16-2ubuntu0.1
One person commented in this thread:
I think all the problem is in the latest CVE-2016-7067.patch which features this change like this:
- "%s",
- "securitytoken=%s&action=%s",
- token,
the %s comes from a var which already has an "action=" in it
Comments (2)
-
repo owner
-
repo owner
- changed status to closed
3rd party bug
- Log in to comment
It's a 3rd party bug - it seems either debian or ubuntu maintainer tried to backport the CSRF fix from monit 5.20.0 to their monit package base (5.16.0) and introduced this problem - the official monit release doesn't suffer with this problem.
The Ubuntu package maintainer should fix their patch or upgrade the monit to 5.21.0 or later.