On 08/07/2014 04:48 PM, Holger Levsen wrote:
Package : munin
Version : 1.4.5-3+deb6u1
CVE ID : CVE-2012-3512 CVE-2013-6048 CVE-2013-6359
[ Christoph Biedl ]
* munin-node: more secure state file handling, introducing a new plugin
state directory root, owned by uid 0. Then each plugin runs in its own
UID plugin state directory, owned by that UID. (Closes: #684075),
(Closes: #679897), closes CVE-2012-3512.
* plugins: use runtime $ENV{MUNIN_PLUGSTATE}. So all properly written
plugins will use /var/lib/munin-node/plugin-state/$uid/$some_file now -
please report plugins that are still using /var/lib/munin/plugin-state/ -
as those might pose a security risk!
* Validate multigraph plugin name, CVE-2013-6048.
* Don't abort data collection for a node due to malicious node, fixing
munin#1397, CVE-2013-6359.
On 07.08.14 16:52, Frank Baalbergen wrote:
Not used, we use Munin 2.
pardon?
--
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: https://lists.debian.org/[email protected]
