============================================================================ Ubuntu Security Notice USN-1622-1 November 05, 2012 munin vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in Munin. Software Description: - munin: Network-wide graphing framework Details: It was discovered that the Munin qmailscan plugin incorrectly handled temporary files. A local attacker could use this issue to possibly overwrite arbitrary files. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10, and Ubuntu 12.04 LTS. (CVE-2012-2103) It was discovered that Munin incorrectly handled plugin state file permissions. An attacker obtaining privileges of the munin user could use this issue to escalate privileges to root. (CVE-2012-3512) It was discovered that Munin incorrectly handled specifying an alternate configuration file. A remote attacker could possibly use this issue to execute arbitrary code with the privileges of the web server. This issue only affected Ubuntu 12.10. (CVE-2012-3513) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: munin 2.0.2-1ubuntu2.2 Ubuntu 12.04 LTS: munin 1.4.6-3ubuntu3.3 Ubuntu 11.10: munin 1.4.5-3ubuntu4.11.10.2 Ubuntu 10.04 LTS: munin 1.4.4-1ubuntu1.2 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1622-1 CVE-2012-2103, CVE-2012-3512, CVE-2012-3513 Package Information: https://launchpad.net/ubuntu/+source/munin/2.0.2-1ubuntu2.2 https://launchpad.net/ubuntu/+source/munin/1.4.6-3ubuntu3.3 https://launchpad.net/ubuntu/+source/munin/1.4.5-3ubuntu4.11.10.2 https://launchpad.net/ubuntu/+source/munin/1.4.4-1ubuntu1.2