UbuntuUpdates.org

Package "munin-plugins-extra"

Name: munin-plugins-extra

Description:

network-wide graphing framework (user contributed plugins for node)

Latest version: 2.0.25-2ubuntu0.16.04.3
Release: xenial (16.04)
Level: security
Repository: universe
Head package: munin
Homepage: http://munin-monitoring.org

Links


Download "munin-plugins-extra"


Other versions of "munin-plugins-extra" in Xenial

Repository Area Version
base universe 2.0.25-2
updates universe 2.0.25-2ubuntu0.16.04.4

Changelog

Version: 2.0.25-2ubuntu0.16.04.3 2017-03-03 16:06:49 UTC

  munin (2.0.25-2ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY REGRESSION: log spamming issue (LP: #1669764)
    - debian/patches/CVE-2017-6188-3.patch: use looks_like_number in
      master/_bin/munin-cgi-graph.in.

 -- Marc Deslauriers <email address hidden> Fri, 03 Mar 2017 07:19:15 -0500

Source diff to previous version
1669764 security update spams log file
CVE-2017-6188 Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting

Version: 2.0.25-2ubuntu0.16.04.2 2017-03-02 16:07:06 UTC

  munin (2.0.25-2ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: local file write vulnerability
    - debian/patches/CVE-2017-6188.patch: avoid expansion in list context
      in master/_bin/munin-cgi-graph.in.
    - debian/patches/CVE-2017-6188-2.patch: handle empty strings in
      master/_bin/munin-cgi-graph.in.
    - CVE-2017-6188

 -- Marc Deslauriers <email address hidden> Thu, 02 Mar 2017 07:15:21 -0500

CVE-2017-6188 Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting



About   -   Send Feedback to @ubuntu_updates