Advisories » MGASA-2017-0101

Updated munin packages fix security vulnerability

Publication date: 04 Apr 2017
Modification date: 04 Apr 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-6188

Description

Stevie Trujillo discovered a local file write vulnerability in munin, a
network-wide graphing framework, when CGI graphs are enabled. GET
parameters are not properly handled, allowing to inject options into
munin-cgi-graph and overwriting any file accessible by the user running
the cgi-process (CVE-2017-6188).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20335
• https://www.debian.org/security/2017/dsa-3794
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6188

SRPMS

5/core

• munin-2.0.25-1.1.mga5