User: Password:
|
|
Subscribe / Log in / New account

Ubuntu alert USN-1622-1 (munin)

From:  Marc Deslauriers <marc.deslauriers@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-1622-1] Munin vulnerabilities
Date:  Mon, 05 Nov 2012 09:18:19 -0500
Message-ID:  <5097CAAB.3060506@canonical.com>
Archive-link:  Article, Thread

========================================================================== Ubuntu Security Notice USN-1622-1 November 05, 2012 munin vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in Munin. Software Description: - munin: Network-wide graphing framework Details: It was discovered that the Munin qmailscan plugin incorrectly handled temporary files. A local attacker could use this issue to possibly overwrite arbitrary files. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10, and Ubuntu 12.04 LTS. (CVE-2012-2103) It was discovered that Munin incorrectly handled plugin state file permissions. An attacker obtaining privileges of the munin user could use this issue to escalate privileges to root. (CVE-2012-3512) It was discovered that Munin incorrectly handled specifying an alternate configuration file. A remote attacker could possibly use this issue to execute arbitrary code with the privileges of the web server. This issue only affected Ubuntu 12.10. (CVE-2012-3513) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: munin 2.0.2-1ubuntu2.2 Ubuntu 12.04 LTS: munin 1.4.6-3ubuntu3.3 Ubuntu 11.10: munin 1.4.5-3ubuntu4.11.10.2 Ubuntu 10.04 LTS: munin 1.4.4-1ubuntu1.2 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1622-1 CVE-2012-2103, CVE-2012-3512, CVE-2012-3513 Package Information: https://launchpad.net/ubuntu/+source/munin/2.0.2-1ubuntu2.2 https://launchpad.net/ubuntu/+source/munin/1.4.6-3ubuntu3.3 https://launchpad.net/ubuntu/+source/munin/1.4.5-3ubuntu4... https://launchpad.net/ubuntu/+source/munin/1.4.4-1ubuntu1.2 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds