CVE-2013-6048

Priority
Medium
Description
The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin
before 2.0.18 allows remote nodes to cause a denial of service (infinite
loop and memory consumption in the munin-html process) via crafted
multigraph data.
References
Assigned-to
mdeslaur
Package
Source: munin (LP Ubuntu Debian)
Upstream:released (2.0.18-1)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (1.4.6-3ubuntu3.4)
Ubuntu 12.10 (Quantal Quetzal):released (2.0.2-1ubuntu2.3)
Ubuntu 13.04 (Raring Ringtail):ignored (reached end-of-life)
Ubuntu 13.10 (Saucy Salamander):released (2.0.17-2ubuntu1.1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (2.0.19-2)
Patches:
Upstream:https://github.com/munin-monitoring/munin/commit/40b5694727dfae6a56fb8989ab6fff14840ac254
Upstream:https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99
More Information

Valid XHTML 1.0 Strict

Updated: 2014-01-27 18:14:41 UTC (commit 7687)