USN-3215-2
- Source
- https://ubuntu.com/security/notices/USN-3215-2
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3215-2.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-3215-2
- Published
- 2017-03-03T15:05:50Z
- Modified
- 2026-02-10T04:41:05Z
- Summary
- munin regression
- Details
-
USN-3215-1 fixed a vulnerability in Munin. The upstream patch caused a regression leading to errors being appended to the log file. This update fixes the problem.
Original advisory details:
It was discovered that Munin incorrectly handled CGI graphs. A remote attacker could use this issue to overwrite arbitrary files as the www-data user.
- References
Affected packages
Ubuntu:14.04:LTS / munin
Package
- Name
- munin
- Purl
- pkg:deb/ubuntu/munin@2.0.19-3ubuntu0.3?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.0.19-3ubuntu0.3
Affected versions
2.*
2.0.17-2ubuntu1
2.0.17-3ubuntu1
2.0.18-1ubuntu1
2.0.19-2
2.0.19-3
2.0.19-3ubuntu0.2
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "2.0.19-3ubuntu0.3",
"binary_name": "munin"
},
{
"binary_version": "2.0.19-3ubuntu0.3",
"binary_name": "munin-async"
},
{
"binary_version": "2.0.19-3ubuntu0.3",
"binary_name": "munin-common"
},
{
"binary_version": "2.0.19-3ubuntu0.3",
"binary_name": "munin-node"
},
{
"binary_version": "2.0.19-3ubuntu0.3",
"binary_name": "munin-plugins-core"
},
{
"binary_version": "2.0.19-3ubuntu0.3",
"binary_name": "munin-plugins-extra"
},
{
"binary_version": "2.0.19-3ubuntu0.3",
"binary_name": "munin-plugins-java"
}
]
}