MGASA-2013-0378

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2013-0378.html

Import Source

https://advisories.mageia.org/MGASA-2013-0378.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2013-0378

Related

Published

2013-12-19T21:06:40Z

Modified

2013-12-19T21:06:37Z

Summary

Updated munin packages fixes two security vulnerabilities

Details

Updated munin packages fix security vulnerabilities:

The Munin::Master::Node module of munin does not properly validate certain data a node sends. A malicious node might exploit this to drive the munin-html process into an infinite loop with memory exhaustion on the munin master (CVE-2013-6048).

A malicious node, with a plugin enabled using "multigraph" as a multigraph service name, can abort data collection for the entire node the plugin runs on (CVE-2013-6359).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:3 / munin

Package

Name: munin
Purl: pkg:rpm/mageia/munin?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.12-2.1.mga3

Ecosystem specific

{
    "section": "core"
}