This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============0660060432102586617==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="7Gnn5QpBTcBmfeoxTqdEfgj3FCdN4LTP8"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--7Gnn5QpBTcBmfeoxTqdEfgj3FCdN4LTP8
Content-Type: multipart/mixed; boundary="f21Ob8jwJkiWFoPvv1MRhuIonTLaGBf7m"
From: Marc Deslauriers
Reply-To: Ubuntu Security
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <80577ed1-7844-c71a-8236-a49902f5dae6@canonical.com>
Subject: [USN-3215-2] Munin regression
--f21Ob8jwJkiWFoPvv1MRhuIonTLaGBf7m
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-3215-2
March 03, 2017
munin regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
USN-3215-1 introduced a regression in Munin.
Software Description:
- munin: Network-wide graphing framework
Details:
USN-3215-1 fixed a vulnerability in Munin. The upstream patch caused a
regression leading to errors being appended to the log file. This update
fixes the problem.
Original advisory details:
It was discovered that Munin incorrectly handled CGI graphs. A remote
attacker could use this issue to overwrite arbitrary files as the www-data
user.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
munin 2.0.19-3ubuntu0.3
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3215-2
http://www.ubuntu.com/usn/usn-3215-1
https://launchpad.net/bugs/1669764
Package Information:
https://launchpad.net/ubuntu/+source/munin/2.0.19-3ubuntu0.3
--f21Ob8jwJkiWFoPvv1MRhuIonTLaGBf7m--
--7Gnn5QpBTcBmfeoxTqdEfgj3FCdN4LTP8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJYuY1MAAoJEGVp2FWnRL6TaLMQAI2tLGNPfTy/9y6Ek/t9BPuG
ZcFSeKMu2sUUbVtfyBzc/7cBRvJhPF1L4i4PIjskJIjPE0eVqSFD0rTl6B57fGib
fsKVxIHrDjBYqfjKLmnJPD++eHoQ9VjK8AX0MQ0LXjI7yLFk9IdPW7Jm91SbfSXY
qV0aGkH8tospikjUA9A5DZssOJVbsXWTo4tWq93Rc+u1LL8+T5bDhVkxDx5gVBqO
I7A207InRt2X0F2v7kIZWmmW1G4rzRk/RUw3HFzl1sw/7nXeX/m2l2sDICSoz3zU
v/+74sUh2VlG2156+o6Zoi6rCI27qtxqmOmqUTTnULNUFP9rgI+XS6Iw2KFrdN7k
9H7VkIf1BVj1+sZH1SBiQO9dzmGNZ33R3hp0fVueAXlNXDOcVSm6VKM9EISHGR0a
+jc8q7XpryX48dQQysg/jnqioEL3c0mW4LSaqCTX0VLZZ0MLVeFWGmCuFIfzo6Rz
sd19HnoxHpvlHqdnJ0GC4XwP41Q/7zmYzr8INgiL9o1Gz/feF3M52WLyLLcHC2kX
q0svfPeI32zFDX1tlc5Kr6UsSPMHWzQ8w1P5f3uXsdVdPQN98B9duorf7XCtDTGo
XvJ/yL8vi700xPECJxy/RkCHUFSM3mKfJ4Rp8ZGel5zOSH0QFY7qZqISZwWFPQov
+AuwaQJ/5LELRjLvH48D
=musi
-----END PGP SIGNATURE-----
--7Gnn5QpBTcBmfeoxTqdEfgj3FCdN4LTP8--
--===============0660060432102586617==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0660060432102586617==--
|