munin (1.4.6-3ubuntu3.3) precise-security; urgency=low
* SECURITY UPDATE: symlink vulnerability in qmailscan plugin
- debian/patches/CVE-2012-2103.patch: remove the use of tempfiles in
plugins/node.d/qmailscan.in.
- CVE-2012-2103
* SECURITY UPDATE: privilege escalation via root running plugins
- debian/patches/CVE-2012-3512.patch: run each plugin in their own
state directory in Makefile, Makefile.config,
node/lib/Munin/Node/{OS,Service}.pm, plugins/lib/Munin/Plugin.pm,
plugins/node.d/*.in,plugins/node.d.linux/*.in.
- debian/patches/CVE-2012-3512-regression.patch: Don't rely on
MUNIN_PLUGSTATE being in the environment as these scripts also get
run by a cron job in plugins/node.d.linux/apt_all.in,
plugins/node.d.linux/apt.in.
- CVE-2012-3512
* debian/Makefile.config: added new plugin state directory location.
* debian/munin-node.{postinst,postrm}: Remove old plugin state directory
override, also remove new plugin state directory.
Date: 2012-10-17 15:25:19.550232+00:00
Changed-By: Marc Deslauriers <[email protected]>
Signed-By: Jamie Strandboge <[email protected]>
https://launchpad.net/ubuntu/precise/+source/munin/1.4.6-3ubuntu3.3
Sorry, changesfile not available.
--
Precise-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/precise-changes
