Debian Security Advisory DSA-3794-3 firstname.lastname@example.org https://www.debian.org/security/ Salvatore Bonaccorso March 03, 2017 https://www.debian.org/security/faq
Package : munin Debian Bug : 856536
The update for munin issued as DSA-3794-2 caused a regression leading to Perl warnings being appended to the munin-cgi-graph log file. Updated packages are now available to correct this issue. For reference, the original advisory text follows.
Stevie Trujillo discovered a local file write vulnerability in munin, a network-wide graphing framework, when CGI graphs are enabled. GET parameters are not properly handled, allowing to inject options into munin-cgi-graph and overwriting any file accessible by the user running the cgi-process.
For the stable distribution (jessie), this problem has been fixed in version 2.0.25-1+deb8u3.
We recommend that you upgrade your munin packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: email@example.com