[SECURITY] [DLA 836-1] munin security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 836-1] munin security update
From: Jonas Meurer <mejo@debian.org>
Date: Sat, 25 Feb 2017 18:07:25 +0100
Message-id: <[🔎] 7c41c5a7-a007-ccc6-069c-f58ace34be25@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : munin
Version        : 2.0.6-4+deb7u3
CVE ID         : CVE-2017-6188
Debian Bug     : 855705


Stevie Trujillo discovered a command injection vulnerability in munin,
a network-wide graphing framework. The CGI script for drawing graphs
allowed to pass arbitrary GET parameters to local shell command,
allowing command execution as the user that runs the webserver.

For Debian 7 "Wheezy", these problems have been fixed in version
2.0.6-4+deb7u3.

We recommend that you upgrade your munin packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


- -- 
Jonas Meurer

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAlixuc0QHG1lam9AZGVi
aWFuLm9yZwAKCRBSYuf/SRBJ/stvD/48LRKaMt+C1fUVDJhInK1zwQOqObZwjlED
l89qzTnE1ycFm9dXSPFGxN4ffhjdkzLqG7dY3Il/FlxEo8dI8Dbq7xkyv2SMr7GS
OSbhEMi1QMIDynyLdue7bvirbEKQYhk3gYHLh9fCy/eX7OliMR2lhGvIsjK6prc4
bs6NecFMlaF8Yf615//YX0AkyLbdBipB0TdqlFscY3Dd4B1Ysi5Zp+Cv0gz9DlNv
tkM/a9MdKzRRAgw6pcudP/t6XJ2EbYRdjjNgJcEDm2PN6LHtMX+ZxxtDgdbrIug7
YMQoqODFev0pQvGNp7fDK7x2mZqys+lQ9x/f/SLEkzhJxO2as3xiBoUuNRXC7e0a
R2Vu6ttkIiLZEAQrzXZTukg2FWv7I4q2RJOf+CxxrdG73ZACv1M5jNj41YJBS7VD
N6qqM4z8fxQ3LDE7MNXn05wqZYdcjpvtXWvebsZTMPNhegS9oEux4AucxJIkKwbq
qLsizkTSSk4lDtwjLOD4kCMxunYW9sqHb//3kDRcZ/i0nKV26QND4Qh8/nW+EJR+
Ov92hPrRpCXGWKJsfZym0KNvFEqeoLqMJIML1x/wehz8PxZoSnCuYn4rP0O0PtX7
zvz12dgDpgpR8BhFT9pNUgjGbcXwl/gckfl2pQy9DVwpu+4udc2Ygs5zdz8wBTBC
f9exMci4zw==
=+cfd
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 835-1] cakephp security update
Next by Date: [SECURITY] [DLA 837-1] radare2 security update
Previous by thread: [SECURITY] [DLA 835-1] cakephp security update
Next by thread: [SECURITY] [DLA 837-1] radare2 security update
Index(es):
- Date
- Thread