Package name
munin
Date
2013-04-10
Advisory ID
MDVSA-2013:105
Affected versions
MBS1 x86_64

Problem description

Updated munin packages fix security vulnerabilities:

The qmailscan plugin for Munin before 2.0 rc6 allows local users to
overwrite arbitrary files via a symlink attack on temporary files
with predictable names (CVE-2012-2103).

Munin before 2.0.6 stores the state files of plugins that run as root
in the same group-writable directory as those of non-root plugins,
which allows local users to execute arbitrary code by replacing a
state file, as demonstrated using the smart_ plugin (CVE-2012-3512).

munin-cgi-graph in Munin before 2.0.6, when running as a CGI module
under Apache, allows remote attackers to load new configurations
and create files in arbitrary directories via the logdir command
(CVE-2012-3513).
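
A defender-side check for the condition described under CVE-2012-3512, which also flags symlinks of the kind involved in CVE-2012-2103. This is an added example, not code from the advisory or from Munin; the function names, the `privileged_uid` parameter and the sample directory and file names are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

def audit_state_dir(path, privileged_uid=0):
    """Return (kind, path) findings for a plugin state directory.

    Flags files owned by a privileged account that live in a directory
    writable by group or other users, plus any symlinks found there.
    """
    dir_st = os.lstat(path)
    if stat.S_ISLNK(dir_st.st_mode):
        return [("dir-is-symlink", path)]
    findings = []
    shared = bool(dir_st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
    if shared:
        findings.append(("dir-writable-by-group-or-other", path))
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        st = os.lstat(full)  # lstat: inspect the link itself, never its target
        if stat.S_ISLNK(st.st_mode):
            findings.append(("symlink-in-state-dir", full))
        elif shared and st.st_uid == privileged_uid:
            findings.append(("privileged-file-in-shared-dir", full))
    return findings

def demo():
    """Constructed sample: a throwaway directory, not a real Munin path."""
    me = os.getuid()  # stands in for root so the demo runs unprivileged
    with tempfile.TemporaryDirectory() as d:
        state = os.path.join(d, "plugin-state")
        os.mkdir(state)
        open(os.path.join(state, "plugin-a.state"), "w").close()
        os.symlink("/nonexistent-target", os.path.join(state, "plugin-b.state"))
        os.chmod(state, 0o775)  # weak: group-writable, shared with others
        weak = [k for k, _ in audit_state_dir(state, privileged_uid=me)]
        os.chmod(state, 0o755)  # corrected: only the owner may write
        os.unlink(os.path.join(state, "plugin-b.state"))
        fixed = [k for k, _ in audit_state_dir(state, privileged_uid=me)]
    return weak, fixed

if __name__ == "__main__":
    print(demo())
```

On a real host, call `audit_state_dir` on the node's plugin state directory with the default `privileged_uid=0`.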

Updated packages

MBS1 x86_64

 4c7fe485c14d7505fad9fd55a52b1149  mbs1/x86_64/munin-2.0-0.rc5.3.1.mbs1.noarch.rpm
 99d2b05b2bfa1dab1367488c10c1f3c0  mbs1/x86_64/munin-master-2.0-0.rc5.3.1.mbs1.noarch.rpm
 ecbb1b19cf63ab8e219cb65eb8ee74a8  mbs1/x86_64/munin-node-2.0-0.rc5.3.1.mbs1.noarch.rpm 
 2df651f2e31b3b65bf6e7af96898ba91  mbs1/SRPMS/munin-2.0-0.rc5.3.1.mbs1.src.rpm

References