CVE-2013-6359

Published: 13 December 2013

Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name.

Priority

Status

Package	Release	Status
munin Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Released (1.4.6-3ubuntu3.4)
	quantal	Released (2.0.2-1ubuntu2.3)
	raring	Ignored (end of life)
	saucy	Released (2.0.17-2ubuntu1.1)
	upstream	Released (2.0.18-1)
	Patches: upstream: https://github.com/munin-monitoring/munin/commit/00164f5a4dec86b659ecbc3e05addb06fe7ef996

References

http://www.debian.org/security/2013/dsa-2815
https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog
https://ubuntu.com/security/notices/USN-2090-1
https://www.cve.org/CVERecord?id=CVE-2013-6359
NVD
Launchpad
Debian

Bugs

http://munin-monitoring.org/ticket/1397

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›