advisories/20335.adv

type: security
subject: Updated munin packages fix security vulnerability
CVE:
 - CVE-2017-6188
src:
  5:
   core:
     - munin-2.0.25-1.1.mga5
description: |
  Stevie Trujillo discovered a local file write vulnerability in munin, a
  network-wide graphing framework, when CGI graphs are enabled. GET
  parameters are not properly handled, allowing to inject options into
  munin-cgi-graph and overwriting any file accessible by the user running
  the cgi-process (CVE-2017-6188).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=20335
 - https://www.debian.org/security/2017/dsa-3794
ID: MGASA-2017-0101
1	type: security
2	subject: Updated munin packages fix security vulnerability
3	CVE:
4	- CVE-2017-6188
5	src:
6	5:
7	core:
8	- munin-2.0.25-1.1.mga5
9	description: \|
10	Stevie Trujillo discovered a local file write vulnerability in munin, a
11	network-wide graphing framework, when CGI graphs are enabled. GET
12	parameters are not properly handled, allowing to inject options into
13	munin-cgi-graph and overwriting any file accessible by the user running
14	the cgi-process (CVE-2017-6188).
15	references:
16	- https://bugs.mageia.org/show_bug.cgi?id=20335
17	- https://www.debian.org/security/2017/dsa-3794
18	ID: MGASA-2017-0101