The update for munin issued as DSA-3794-2 caused a regression leading to Perl warnings being appended to the munin-cgi-graph log file. Updated packages are now available to correct this issue. For reference, the original advisory text follows.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3794-3                   This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                     Salvatore Bonaccorso
March 03, 2017                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : munin
Debian Bug     : 856536

The update for munin issued as DSA-3794-2 caused a regression leading to
Perl warnings being appended to the munin-cgi-graph log file. Updated
packages are now available to correct this issue. For reference, the
original advisory text follows.

Stevie Trujillo discovered a local file write vulnerability in munin, a
network-wide graphing framework, when CGI graphs are enabled. GET
parameters are not properly handled, allowing to inject options into
munin-cgi-graph and overwriting any file accessible by the user running
the cgi-process.

For the stable distribution (jessie), this problem has been fixed in
version 2.0.25-1+deb8u3.

We recommend that you upgrade your munin packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.