Arch Linux Security Advisory ASA-201905-1
=========================================

Severity: High
Date    : 2019-05-06
CVE-ID  : CVE-2017-6188
Package : munin
Type    : arbitrary file overwrite
Remote  : Yes
Link    : https://security.archlinux.org/AVG-953

Summary
=======

The package munin before version 2.0.47-1 is vulnerable to arbitrary
file overwrite.

Resolution
==========

Upgrade to 2.0.47-1.

# pacman -Syu "munin>=2.0.47-1"

The problem has been fixed upstream in version 2.0.47.

Workaround
==========

None.

Description
===========

A vulnerability in munin allows attackers to overwrite any file
accessible to the webserver user by setting multiple upper_limit GET
parameters when CGI graphs are enabled.

Impact
======

A remote attacker is able to overwrite arbitrary files on the
filesystem.

References
==========

https://bugs.archlinux.org/task/57537
https://www.debian.org/security/2017/dsa-3794
https://github.com/munin-monitoring/munin/pull/797/commits/42ce18f24d3eae8be33526a198bf21e4f2330230
https://security.archlinux.org/CVE-2017-6188
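
Added example (not part of the advisory or of munin's code): a check of web server access logs for the condition named in the Description, requests that carry more than one upper_limit GET parameter. The Common/Combined Log Format, the "munin-cgi-graph" path hint and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Client address and request line of a Common/Combined Log Format entry.
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def repeated_upper_limit(log_lines, path_hint="munin-cgi-graph"):
    """Return (client, target, count) for requests repeating upper_limit.

    path_hint is an assumption about where the CGI graph script is mapped;
    pass "" to check every request path.
    """
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access-log entry
        url = urlsplit(m.group("target"))
        if path_hint not in url.path:
            continue
        # Some CGI libraries also accept ';' as a separator; treat it like '&'.
        query = url.query.replace(";", "&")
        # parse_qsl percent-decodes names, so upper%5Flimit is counted too.
        count = sum(1 for name, _ in parse_qsl(query, keep_blank_values=True)
                    if name == "upper_limit")
        if count > 1:
            hits.append((m.group("client"), m.group("target"), count))
    return hits

# Constructed sample log lines (not taken from a real server).
GRAPH = "/munin-cgi/munin-cgi-graph/example.org/host/cpu-day.png"  # assumed path
SAMPLE_LOG = [
    f'192.0.2.10 - - [06/May/2019:10:00:01 +0000] "GET {GRAPH}?upper_limit=100 HTTP/1.1" 200 5123',
    f'198.51.100.7 - - [06/May/2019:10:00:05 +0000] "GET {GRAPH}?upper_limit=1&upper_limit=2&upper_limit=3 HTTP/1.1" 200 0',
    f'198.51.100.7 - - [06/May/2019:10:00:09 +0000] "GET {GRAPH}?upper%5Flimit=1;upper_limit=2 HTTP/1.1" 200 0',
    '203.0.113.4 - - [06/May/2019:10:00:12 +0000] "GET /index.html?upper_limit=1&upper_limit=2 HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for client, target, count in repeated_upper_limit(SAMPLE_LOG):
        print(f"{client} sent upper_limit x{count}: {target}")
```

A single upper_limit parameter is normal graph usage, so only repeats are reported; hits in logs that predate the upgrade to 2.0.47-1 are the ones worth reviewing.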