openSUSE-SU-2017:0621-1

Опубликовано: 06 мар. 2017

Источник: suse-cvrf

Описание

Security update for munin

This update for munin fixes the following issues:

An attacker has been able to write arbitrary local files with the permissions of the web server, by using parameter injection (boo#1026539, CVE-2017-6188)
The MySQL plugin has been fixed to work correctly against MySQL 5.5 on Leap 42.1

Список пакетов

openSUSE Leap 42.1

munin-2.0.25-9.1

munin-node-2.0.25-9.1

openSUSE Leap 42.2

munin-2.0.25-9.1

munin-node-2.0.25-9.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00004.html
E-Mail link for openSUSE-SU-2017:0621-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.

Затронутые продукты

openSUSE Leap 42.1:munin-2.0.25-9.1

openSUSE Leap 42.1:munin-node-2.0.25-9.1

openSUSE Leap 42.2:munin-2.0.25-9.1

openSUSE Leap 42.2:munin-node-2.0.25-9.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-6188.html
CVE-2017-6188
https://bugzilla.suse.com/1026539
SUSE Bug 1026539

openSUSE-SU-2017:0621-1

Описание

Список пакетов

openSUSE Leap 42.1

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2017-6188

Описание

Затронутые продукты

Ссылки