Debian Security Advisory
DSA-3405-1 smokeping -- security update
- Date Reported:
- 25 Nov 2015
- Affected Packages:
- smokeping
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-0859.
- More information:
-
Tero Marttila discovered that the Debian packaging for smokeping installed it in such a way that the CGI implementation of Apache httpd (mod_cgi) passed additional arguments to the smokeping_cgi program, potentially leading to arbitrary code execution in response to crafted HTTP requests.
For the oldstable distribution (wheezy), this problem has been fixed in version 2.6.8-2+deb7u1.
For the stable distribution (jessie), this problem has been fixed in version 2.6.9-1+deb8u1.
We recommend that you upgrade your smokeping packages.