Updated munin packages fixes two security vulnerabilitiesPublication date: 19 Dec 2013
Affected Mageia releases : 3
CVE: CVE-2013-6048 , CVE-2013-6359
Updated munin packages fix security vulnerabilities: The Munin::Master::Node module of munin does not properly validate certain data a node sends. A malicious node might exploit this to drive the munin-html process into an infinite loop with memory exhaustion on the munin master (CVE-2013-6048). A malicious node, with a plugin enabled using "multigraph" as a multigraph service name, can abort data collection for the entire node the plugin runs on (CVE-2013-6359).