ArchLinux: 201905-1: munin: arbitrary file overwrite
Summary
A vulnerability in munin allows attackers to overwrite any file accessible to the webserver user by setting multiple upper_limit GET parameters when CGI graphs are enabled.
Resolution
Upgrade to 2.0.47-1.
# pacman -Syu "munin>=2.0.47-1"
The problem has been fixed upstream in version 2.0.47.
References
https://bugs.archlinux.org/task/57537 https://www.debian.org/security/2017/dsa-3794 https://github.com/munin-monitoring/munin/pull/797/commits/42ce18f24d3eae8be33526a198bf21e4f2330230 https://security.archlinux.org/CVE-2017-6188
Workaround
None.