Nome do pacote
munin
Data
2013-12-20
ID Alerta
MDVSA-2013:297
Versões afetadas
MBS1 x86_64

Descrição do problema

Updated munin packages fix security vulnerabilities:

The Munin::Master::Node module of munin does not properly validate
certain data a node sends. A malicious node might exploit this to drive
the munin-html process into an infinite loop with memory exhaustion
on the munin master (CVE-2013-6048).

A malicious node, with a plugin enabled using multigraph as a
multigraph service name, can abort data collection for the entire
node the plugin runs on (CVE-2013-6359).

Pacotes atualizados

MBS1 x86_64

 b20e89d5a943f0d3deadb324091ab6ef  mbs1/x86_64/munin-2.0-0.rc5.3.2.mbs1.noarch.rpm
 4ae6191940301c45b1ce7b32fa625122  mbs1/x86_64/munin-master-2.0-0.rc5.3.2.mbs1.noarch.rpm
 3a02701b006afcd70430c4de7e96c7e8  mbs1/x86_64/munin-node-2.0-0.rc5.3.2.mbs1.noarch.rpm 
 d07ea1401e5ab3415c2576281ec60aee  mbs1/SRPMS/munin-2.0-0.rc5.3.2.mbs1.src.rpm

Referências