Advisories » MGASA-2013-0378

Updated munin packages fixes two security vulnerabilities

Publication date: 19 Dec 2013
Modification date: 19 Dec 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-6048 , CVE-2013-6359

Description

Updated munin packages fix security vulnerabilities:

The Munin::Master::Node module of munin does not properly validate certain
data a node sends. A malicious node might exploit this to drive the munin-html
process into an infinite loop with memory exhaustion on the munin master
(CVE-2013-6048).

A malicious node, with a plugin enabled using "multigraph" as a multigraph
service name, can abort data collection for the entire node the plugin runs on
(CVE-2013-6359).
                

References

• http://www.debian.org/security/2013/dsa-2815
• https://bugs.mageia.org/show_bug.cgi?id=11944
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6048
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6359

SRPMS

3/core

• munin-2.0.12-2.1.mga3