Debian 10241 Published by

Updated munin packages has been released for Debian 7 LTS



Package : munin
Version : 2.0.6-4+deb7u4
Debian Bug : 856455 856536


The update for munin issued as DLA-836-1 caused a regression in the
zooming functionality in munin-cgi-graph. Updated packages are now
available to correct this issue. For reference, the original advisory
text follows.

Stevie Trujillo discovered a command injection vulnerability in munin,
a network-wide graphing framework. The CGI script for drawing graphs
allowed to pass arbitrary GET parameters to local shell command,
allowing command execution as the user that runs the webserver.

For Debian 7 "Wheezy", these problems have been fixed in version
2.0.6-4+deb7u4.

We recommend that you upgrade your munin packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS