UbuntuUpdates.org

Package "munin"

Name: munin

Description:

network-wide graphing framework (grapher/gatherer)

Latest version: 2.0.25-2ubuntu0.16.04.3
Release: xenial (16.04)
Level: security
Repository: universe
Homepage: http://munin-monitoring.org

Other versions of "munin" in Xenial

Repository Area Version
base universe 2.0.25-2
updates universe 2.0.25-2ubuntu0.16.04.4

Changelog

Version: 2.0.25-2ubuntu0.16.04.3 2017-03-03 16:06:49 UTC

  munin (2.0.25-2ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY REGRESSION: log spamming issue (LP: #1669764)
    - debian/patches/CVE-2017-6188-3.patch: use looks_like_number in
      master/_bin/munin-cgi-graph.in.

 -- Marc Deslauriers <email address hidden> Fri, 03 Mar 2017 07:19:15 -0500

1669764 security update spams log file
CVE-2017-6188 Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting

Version: 2.0.25-2ubuntu0.16.04.2 2017-03-02 16:07:06 UTC

  munin (2.0.25-2ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: local file write vulnerability
    - debian/patches/CVE-2017-6188.patch: avoid expansion in list context
      in master/_bin/munin-cgi-graph.in.
    - debian/patches/CVE-2017-6188-2.patch: handle empty strings in
      master/_bin/munin-cgi-graph.in.
    - CVE-2017-6188

 -- Marc Deslauriers <email address hidden> Thu, 02 Mar 2017 07:15:21 -0500

CVE-2017-6188 Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting


