- ------------------------------------------------------------------------- Debian Security Advisory DSA-2815-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso December 09, 2013 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : munin Vulnerability : denial of service Problem type : remote Debian-specific: no CVE ID : CVE-2013-6048 CVE-2013-6359 Christoph Biedl discovered two denial of service vulnerabilities in munin, a network-wide graphing framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-6048 The Munin::Master::Node module of munin does not properly validate certain data a node sends. A malicious node might exploit this to drive the munin-html process into an infinite loop with memory exhaustion on the munin master. CVE-2013-6359 A malicious node, with a plugin enabled using "multigraph" as a multigraph service name, can abort data collection for the entire node the plugin runs on. For the stable distribution (wheezy), these problems have been fixed in version 2.0.6-4+deb7u2. For the testing distribution (jessie), these problems have been fixed in version 2.0.18-1. For the unstable distribution (sid), these problems have been fixed in version 2.0.18-1. We recommend that you upgrade your munin packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Debian: DSA-2815-1: munin security update
Christoph Biedl discovered two denial of service vulnerabilities in munin, a network-wide graphing framework. The Common Vulnerabilities and Exposures project identifies the following problems:
