2 matches found
Debian DSA-3794-1 : munin - security update
Stevie Trujillo discovered a local file write vulnerability in munin, a network-wide graphing framework, when CGI graphs are enabled. GET parameters are not properly handled, allowing to inject options into munin-cgi-graph and overwriting any file accessible by the user running the cgi-process...
Debian DLA-20-1 : munin security update
Christoph Biedl - munin-node: more secure state file handling, introducing a new plugin state directory root, owned by uid 0. Then each plugin runs in its own UID plugin state directory, owned by that UID. Closes: 684075, Closes: 679897, closes CVE-2012-3512. - plugins: use runtime...