On 08/07/2014 04:48 PM, Holger Levsen wrote:
Package : munin Version : 1.4.5-3+deb6u1 CVE ID : CVE-2012-3512 CVE-2013-6048 CVE-2013-6359[ Christoph Biedl ] * munin-node: more secure state file handling, introducing a new plugin state directory root, owned by uid 0. Then each plugin runs in its own UID plugin state directory, owned by that UID. (Closes: #684075), (Closes: #679897), closes CVE-2012-3512. * plugins: use runtime $ENV{MUNIN_PLUGSTATE}. So all properly written plugins will use /var/lib/munin-node/plugin-state/$uid/$some_file now - please report plugins that are still using /var/lib/munin/plugin-state/ - as those might pose a security risk! * Validate multigraph plugin name, CVE-2013-6048. * Don't abort data collection for a node due to malicious node, fixing munin#1397, CVE-2013-6359.
Not used, we use Munin 2. -- Frank Baalbergen - System / Network Engineer T +31 (0)10 2760434 | frank.baalber...@mendix.com | www.mendix.com -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53e392b1.60...@mendix.com
