ALAS-2012-130


Amazon Linux AMI Security Advisory: ALAS-2012-130
Advisory Release Date: 2014-09-14 17:07 Pacific
Severity: Medium
References: CVE-2012-3512 

Issue Overview:

Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.


Affected Packages:

munin


Issue Correction:
Run yum update munin to update your system.

New Packages:
noarch:
    munin-common-2.0.6-2.9.amzn1.noarch
    munin-async-2.0.6-2.9.amzn1.noarch
    munin-2.0.6-2.9.amzn1.noarch
    munin-node-2.0.6-2.9.amzn1.noarch
    munin-java-plugins-2.0.6-2.9.amzn1.noarch

src:
    munin-2.0.6-2.9.amzn1.src