UbuntuUpdates.org

Package "munin"

Name: munin

Description:

network-wide graphing framework (grapher/gatherer)
Latest version: 1.4.6-3ubuntu3.4
Release: precise (12.04)
Level: security
Repository: main
Homepage: http://munin-monitoring.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "munin"

All arch deb package
APT INSTALL

Other versions of "munin" in Precise

Repository Area Version
base main 1.4.6-3ubuntu3
base universe 1.4.6-3ubuntu3
security universe 1.4.6-3ubuntu3.4
updates universe 1.4.6-3ubuntu3.4
updates main 1.4.6-3ubuntu3.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.4.6-3ubuntu3.4 2014-01-27 18:06:33 UTC

  munin (1.4.6-3ubuntu3.4) precise-security; urgency=low

  * SECURITY UPDATE: multiple denial of service issues
    - debian/patches/CVE-2013-6xxx.patch: backport fixes from upstream to
      master/lib/Munin/Master/{HTMLOld,Node}.pm.
    - CVE-2013-6048
    - CVE-2013-6359
 -- Marc Deslauriers <email address hidden> Wed, 18 Dec 2013 09:43:31 -0500
Source diff to previous version
CVE-2013-6048 The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin ...
CVE-2013-6359 Munin::Master::Node in Munin before 2.0.18 allows remote attackers to ...

Version: 1.4.6-3ubuntu3.3 2012-11-05 15:06:56 UTC

  munin (1.4.6-3ubuntu3.3) precise-security; urgency=low

  * SECURITY UPDATE: symlink vulnerability in qmailscan plugin
    - debian/patches/CVE-2012-2103.patch: remove the use of tempfiles in
      plugins/node.d/qmailscan.in.
    - CVE-2012-2103
  * SECURITY UPDATE: privilege escalation via root running plugins
    - debian/patches/CVE-2012-3512.patch: run each plugin in their own
      state directory in Makefile, Makefile.config,
      node/lib/Munin/Node/{OS,Service}.pm, plugins/lib/Munin/Plugin.pm,
      plugins/node.d/*.in,plugins/node.d.linux/*.in.
    - debian/patches/CVE-2012-3512-regression.patch: Don't rely on
      MUNIN_PLUGSTATE being in the environment as these scripts also get
      run by a cron job in plugins/node.d.linux/apt_all.in,
      plugins/node.d.linux/apt.in.
    - CVE-2012-3512
  * debian/Makefile.config: added new plugin state directory location.
  * debian/munin-node.{postinst,postrm}: Remove old plugin state directory
    override, also remove new plugin state directory.
 -- Marc Deslauriers <email address hidden> Wed, 17 Oct 2012 08:26:39 -0400
CVE-2012-2103 The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
CVE-2012-3512 local privilege escalation munin to root


About   -   Send Feedback to @ubuntu_updates