[ubuntu/quantal-proposed] munin 2.0.2-1ubuntu2.2 (Accepted)
Jamie Strandboge
jamie at ubuntu.com
Mon Oct 22 13:06:17 UTC 2012
munin (2.0.2-1ubuntu2.2) quantal-security; urgency=low
* SECURITY UPDATE: privilege escalation via root running plugins
- debian/patches/CVE-2012-3512.patch: run each plugin in their own
state directory in Makefile, Makefile.config,
node/lib/Munin/Node/{OS,Service}.pm, plugins/lib/Munin/Plugin.pm,
plugins/node.d/*.in,plugins/node.d.linux/*.in.
- CVE-2012-3512
* SECURITY UPDATE: remote code exection via bad arguments
- debian/patches/CVE-2012-3513.patch: use MUNIN_CONFIG env variable
instead of @ARGV to specify alternate config file in
master/_bin/munin-cgi-graph.in, master/_bin/munin-cgi-html.in.
- debian/patches/CVE-2012-3512-regression.patch: Don't rely on
MUNIN_PLUGSTATE being in the environment as these scripts also get
run by a cron job in plugins/node.d.linux/apt_all.in,
plugins/node.d.linux/apt.in.
- CVE-2012-3513
* debian/rules: actually apply quilt patches.
* debian/Makefile.config: added new plugin state directory location.
* debian/munin-node.{postinst,postrm}: Switch to new plugin state
directory.
Date: 2012-10-17 15:15:18.476813+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/quantal/+source/munin/2.0.2-1ubuntu2.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Quantal-changes
mailing list