MGASA-2013-0378

Source
https://advisories.mageia.org/MGASA-2013-0378.html
Import Source
https://advisories.mageia.org/MGASA-2013-0378.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2013-0378
Related
Published
2013-12-19T21:06:40Z
Modified
2013-12-19T21:06:37Z
Summary
Updated munin packages fixes two security vulnerabilities
Details

Updated munin packages fix security vulnerabilities:

The Munin::Master::Node module of munin does not properly validate certain data a node sends. A malicious node might exploit this to drive the munin-html process into an infinite loop with memory exhaustion on the munin master (CVE-2013-6048).

A malicious node, with a plugin enabled using "multigraph" as a multigraph service name, can abort data collection for the entire node the plugin runs on (CVE-2013-6359).

References
Credits

Affected packages

Mageia:3 / munin

Package

Name
munin
Purl
pkg:rpm/mageia/munin?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.12-2.1.mga3

Ecosystem specific

{
    "section": "core"
}