[SECURITY] [DSA 3794-3] munin regression update

ID DEBIAN:DSA-3794-3:95892
Type debian
Reporter Debian
Modified 2017-03-03T20:08:33


Debian Security Advisory DSA-3794-3 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 03, 2017 https://www.debian.org/security/faq

Package : munin Debian Bug : 856536

The update for munin issued as DSA-3794-2 caused a regression leading to Perl warnings being appended to the munin-cgi-graph log file. Updated packages are now available to correct this issue. For reference, the original advisory text follows.

Stevie Trujillo discovered a local file write vulnerability in munin, a network-wide graphing framework, when CGI graphs are enabled. GET parameters are not properly handled, allowing to inject options into munin-cgi-graph and overwriting any file accessible by the user running the cgi-process.

For the stable distribution (jessie), this problem has been fixed in version 2.0.25-1+deb8u3.

We recommend that you upgrade your munin packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org