Package name
ganglia
Date
2013-04-09
Advisory ID
MDVSA-2013:080
Affected versions
MBS1 x86_64

Problem description

Updated ganglia packages fix security vulnerability:

There is a security issue in Ganglia Web going back to at least
3.1.7 which can lead to arbitrary script being executed with web user
privileges possibly leading to a machine compromise.

Additionally, an issue where active NFS mounts caused gmond to not
start has also been corrected.

When installing ganglia-gmetad, the installer uses the non-existent
nobody, and not nogroup, as the group when changing new ownership
of files.

Updated packages

MBS1 x86_64

 9732d870408a50863d8a50d91b2c4532  mbs1/x86_64/ganglia-core-3.1.7-8.1.mbs1.x86_64.rpm
 c125a8e838fd45a3e5d9f779da04f775  mbs1/x86_64/ganglia-gmetad-3.1.7-8.1.mbs1.x86_64.rpm
 7a006461fbd22e82d1b1f39508c81f9e  mbs1/x86_64/ganglia-script-3.1.7-8.1.mbs1.x86_64.rpm
 2d220747f9c411c58921eafd12807dc0  mbs1/x86_64/ganglia-webfrontend-3.1.7-8.1.mbs1.x86_64.rpm
 5d8f04a57f0df8e76da3c27db48e54a2  mbs1/x86_64/lib64ganglia1-3.1.7-8.1.mbs1.x86_64.rpm
 0056fa0e3794fb1e627ba373814e95a4  mbs1/x86_64/lib64ganglia1-devel-3.1.7-8.1.mbs1.x86_64.rpm 
 0910f2b90b9b6321c2fec1d397a3b8e3  mbs1/SRPMS/ganglia-3.1.7-8.1.mbs1.src.rpm

References