==========================================================================
Ubuntu Security Notice USN-3215-1
March 02, 2017

munin vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

Munin could be made to overwrite files.

Software Description:
– munin: Network-wide graphing framework

Details:

It was discovered that Munin incorrectly handled CGI graphs. A remote
attacker could use this issue to overwrite arbitrary files as the www-data
user.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
munin 2.0.19-3ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3215-1
CVE-2017-6188

Package Information:
https://launchpad.net/ubuntu/+source/munin/2.0.19-3ubuntu0.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJYuDxHAAoJEGVp2FWnRL6TLhAP/jIxsVhEpD88742BYZIulivJ
AAizGXZZAHTxg2JPZtCJd5bGybhjsNRzgKjx8CHl3QInHLwpWS1FUzMyHqPSJOqX
KZg5SeySOoNFh1NjclBaLV5efhWivqhPE6QGvoPCoP9yVJHSJ0ixQF23h3A0VLlN
M/p8EuspiRIHNLroZZMHiqC1JCiU1hDj9XJ3TyB6OsO9buKDzMEPd7jH9knlznB5
Be3Ju391APOk5waKRzLihecpiNnusaOO6o4kk2TWgghlA13QsZkgeJ11rT21AZPG
ZqrcQwCtUXMluwhn4bpGjciTvdWrsVp+isEVmFKIWir+lWjOSJUjTHsHfvtUIOKJ
DqBM4feyO6M9EzsLccTKAXRFIdE1/UL43GU5CGE/X8kVTOuC4MICw9vcplyPOcGy
ykJ0VLSnskmLyT6bJLLzYYNK8UdlnQc6M26VlV7koxfFmvzrkygMmZxbspruPixJ
494NWiuqs13qbvZs7u1dgI+NIRnp3h88/J7l9XEHQQbK4buNxpqzXnLgDXD978+j
CwhAGxO9Outi50xt0AqY2xbcDkfZyb2WCG6dQO5S5tMJ1IW3kcvgeCzdP9x/RcWV
zRk7piivO9fExpXb+jPqOT7+m5C/IrCH0zi9hAyO0oaa/9+hbYAP2QmDojjIDFis
unVHeBNS4tD5W0PHxpfz
=d05F
—–END PGP SIGNATURE—–

 

 

 

==========================================================================

Ubuntu Security Notice USN-3215-2

March 03, 2017

 

munin regression

==========================================================================

 

A security issue affects these releases of Ubuntu and its derivatives:

 

– Ubuntu 14.04 LTS

 

Summary:

 

USN-3215-1 introduced a regression in Munin.

 

Software Description:

– munin: Network-wide graphing framework

 

Details:

 

USN-3215-1 fixed a vulnerability in Munin. The upstream patch caused a

regression leading to errors being appended to the log file. This update

fixes the problem.

 

Original advisory details:

 

 It was discovered that Munin incorrectly handled CGI graphs. A remote

 attacker could use this issue to overwrite arbitrary files as the www-data

 user.

 

Update instructions:

 

The problem can be corrected by updating your system to the following

package versions:

 

Ubuntu 14.04 LTS:

  munin                           2.0.19-3ubuntu0.3

 

In general, a standard system update will make all the necessary changes.

 

References:

  http://www.ubuntu.com/usn/usn-3215-2

  http://www.ubuntu.com/usn/usn-3215-1

  https://launchpad.net/bugs/1669764

 

Package Information:

  https://launchpad.net/ubuntu/+source/munin/2.0.19-3ubuntu0.3

 

 

—–BEGIN PGP SIGNATURE—–

Version: GnuPG v2

 

iQIcBAEBCgAGBQJYuY1MAAoJEGVp2FWnRL6TaLMQAI2tLGNPfTy/9y6Ek/t9BPuG

ZcFSeKMu2sUUbVtfyBzc/7cBRvJhPF1L4i4PIjskJIjPE0eVqSFD0rTl6B57fGib

fsKVxIHrDjBYqfjKLmnJPD++eHoQ9VjK8AX0MQ0LXjI7yLFk9IdPW7Jm91SbfSXY

qV0aGkH8tospikjUA9A5DZssOJVbsXWTo4tWq93Rc+u1LL8+T5bDhVkxDx5gVBqO

I7A207InRt2X0F2v7kIZWmmW1G4rzRk/RUw3HFzl1sw/7nXeX/m2l2sDICSoz3zU

v/+74sUh2VlG2156+o6Zoi6rCI27qtxqmOmqUTTnULNUFP9rgI+XS6Iw2KFrdN7k

9H7VkIf1BVj1+sZH1SBiQO9dzmGNZ33R3hp0fVueAXlNXDOcVSm6VKM9EISHGR0a

+jc8q7XpryX48dQQysg/jnqioEL3c0mW4LSaqCTX0VLZZ0MLVeFWGmCuFIfzo6Rz

sd19HnoxHpvlHqdnJ0GC4XwP41Q/7zmYzr8INgiL9o1Gz/feF3M52WLyLLcHC2kX

q0svfPeI32zFDX1tlc5Kr6UsSPMHWzQ8w1P5f3uXsdVdPQN98B9duorf7XCtDTGo

XvJ/yL8vi700xPECJxy/RkCHUFSM3mKfJ4Rp8ZGel5zOSH0QFY7qZqISZwWFPQov

+AuwaQJ/5LELRjLvH48D

=musi

—–END PGP SIGNATURE—–

– 

—