Login
Newsletter
Werbung

Sicherheit: Überschreiben von Dateien in Munin (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Überschreiben von Dateien in Munin (Aktualisierung)
ID: USN-3215-2
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS
Datum: Sa, 4. März 2017, 00:40
Referenzen: Keine Angabe
Applikationen: Munin
Update von: Überschreiben von Dateien in Munin

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============0660060432102586617==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="7Gnn5QpBTcBmfeoxTqdEfgj3FCdN4LTP8"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--7Gnn5QpBTcBmfeoxTqdEfgj3FCdN4LTP8
Content-Type: multipart/mixed;
boundary="f21Ob8jwJkiWFoPvv1MRhuIonTLaGBf7m"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <80577ed1-7844-c71a-8236-a49902f5dae6@canonical.com>
Subject: [USN-3215-2] Munin regression

--f21Ob8jwJkiWFoPvv1MRhuIonTLaGBf7m
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3215-2
March 03, 2017

munin regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

USN-3215-1 introduced a regression in Munin.

Software Description:
- munin: Network-wide graphing framework

Details:

USN-3215-1 fixed a vulnerability in Munin. The upstream patch caused a
regression leading to errors being appended to the log file. This update
fixes the problem.

Original advisory details:

It was discovered that Munin incorrectly handled CGI graphs. A remote
attacker could use this issue to overwrite arbitrary files as the www-data
user.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
munin 2.0.19-3ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3215-2
http://www.ubuntu.com/usn/usn-3215-1
https://launchpad.net/bugs/1669764

Package Information:
https://launchpad.net/ubuntu/+source/munin/2.0.19-3ubuntu0.3



--f21Ob8jwJkiWFoPvv1MRhuIonTLaGBf7m--

--7Gnn5QpBTcBmfeoxTqdEfgj3FCdN4LTP8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJYuY1MAAoJEGVp2FWnRL6TaLMQAI2tLGNPfTy/9y6Ek/t9BPuG
ZcFSeKMu2sUUbVtfyBzc/7cBRvJhPF1L4i4PIjskJIjPE0eVqSFD0rTl6B57fGib
fsKVxIHrDjBYqfjKLmnJPD++eHoQ9VjK8AX0MQ0LXjI7yLFk9IdPW7Jm91SbfSXY
qV0aGkH8tospikjUA9A5DZssOJVbsXWTo4tWq93Rc+u1LL8+T5bDhVkxDx5gVBqO
I7A207InRt2X0F2v7kIZWmmW1G4rzRk/RUw3HFzl1sw/7nXeX/m2l2sDICSoz3zU
v/+74sUh2VlG2156+o6Zoi6rCI27qtxqmOmqUTTnULNUFP9rgI+XS6Iw2KFrdN7k
9H7VkIf1BVj1+sZH1SBiQO9dzmGNZ33R3hp0fVueAXlNXDOcVSm6VKM9EISHGR0a
+jc8q7XpryX48dQQysg/jnqioEL3c0mW4LSaqCTX0VLZZ0MLVeFWGmCuFIfzo6Rz
sd19HnoxHpvlHqdnJ0GC4XwP41Q/7zmYzr8INgiL9o1Gz/feF3M52WLyLLcHC2kX
q0svfPeI32zFDX1tlc5Kr6UsSPMHWzQ8w1P5f3uXsdVdPQN98B9duorf7XCtDTGo
XvJ/yL8vi700xPECJxy/RkCHUFSM3mKfJ4Rp8ZGel5zOSH0QFY7qZqISZwWFPQov
+AuwaQJ/5LELRjLvH48D
=musi
-----END PGP SIGNATURE-----

--7Gnn5QpBTcBmfeoxTqdEfgj3FCdN4LTP8--


--===============0660060432102586617==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============0660060432102586617==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung