Christoph Biedl discovered two denial of service vulnerabilities in munin, a network-wide graphing framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-6048 The Munin::Master::Node module of munin does not properly validate certain data a node sends. A malicious node might exploit this to drive the munin-html process into an infinite loop with memory exhaustion on the munin master. CVE-2013-6359A malicious node, with a plugin enabled using multigraph as a multigraph service name, can abort data collection for the entire node the plugin runs on.

For the stable distribution (wheezy), these problems have been fixed in version 2.0.6-4+deb7u2. For the testing distribution (jessie), these problems have been fixed in version 2.0.18-1. For the unstable distribution (sid), these problems have been fixed in version 2.0.18-1. We recommend that you upgrade your munin packages.

Munin is a highly flexible and powerful solution used to create graphs of virtually everything imaginable throughout your network, while still maintaining a rattling ease of installation and configuration.

munin on Debian Linux

This check tests the installed software version using the apt package manager.

• http://www.debian.org/security/2013/dsa-2815.html

---

Updated on 2015-03-25