CVE-2013-6048

Publication date 13 December 2013

Last updated 24 July 2024

Ubuntu priority

The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
munin	13.10 saucy	Fixed 2.0.17-2ubuntu1.1
	13.04 raring	Ignored end of life
	12.10 quantal	Fixed 2.0.2-1ubuntu2.3
	12.04 LTS precise	Fixed 1.4.6-3ubuntu3.4
	10.04 LTS lucid	Ignored end of life

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
munin	Upstream: 40b5694 Upstream: 284d740

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2090-1
Munin vulnerabilities
27 January 2014

Other references

http://www.debian.org/security/2013/dsa-2815
https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog
https://www.cve.org/CVERecord?id=CVE-2013-6048