Munin: Multiple vulnerabilities
Gentoo Linux Security Advisory
||GLSA 201405-17 / munin
||May 18, 2014
||May 18, 2014: 1
All supported architectures
Multiple vulnerabilities have been discovered in Munin which may
lead to symlink attacks, file creation, or bypass of security restrictions.
Munin is an open source server monitoring tool.
Multiple vulnerabilities have been discovered in Munin. Please review
the CVE identifiers referenced below for details.
A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.
A remote attacker could create files or load new Munin configuration
There is no known workaround at this time.
All Munin users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/munin-2.0.8-r2"