- ------------------------------------------------------------------------- Debian Security Advisory DSA-3794-3 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso March 03, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : munin Debian Bug : 856536 The update for munin issued as DSA-3794-2 caused a regression leading to Perl warnings being appended to the munin-cgi-graph log file. Updated packages are now available to correct this issue. For reference, the original advisory text follows. Stevie Trujillo discovered a local file write vulnerability in munin, a network-wide graphing framework, when CGI graphs are enabled. GET parameters are not properly handled, allowing to inject options into munin-cgi-graph and overwriting any file accessible by the user running the cgi-process. For the stable distribution (jessie), this problem has been fixed in version 2.0.25-1+deb8u3. We recommend that you upgrade your munin packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Debian: DSA-3794-3: munin regression update
The update for munin issued as DSA-3794-2 caused a regression leading to Perl warnings being appended to the munin-cgi-graph log file. Updated packages are now available to correct this issue. For reference, the original advisory text follows.
