munin-2.0.25-4.10 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10330-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z munin-2.0.25-4.10 on GA media These are all security issues fixed in the munin-2.0.25-4.10 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10330 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2012-2147/ SUSE CVE CVE-2012-2147 page https://www.suse.com/security/cve/CVE-2013-6048/ SUSE CVE CVE-2013-6048 page https://www.suse.com/security/cve/CVE-2013-6359/ SUSE CVE CVE-2013-6359 page openSUSE Tumbleweed munin-2.0.25-4.10 munin-node-2.0.25-4.10 munin-2.0.25-4.10 as a component of openSUSE Tumbleweed munin-node-2.0.25-4.10 as a component of openSUSE Tumbleweed munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters. CVE-2012-2147 openSUSE Tumbleweed:munin-2.0.25-4.10 openSUSE Tumbleweed:munin-node-2.0.25-4.10 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-2147.html CVE-2012-2147 https://bugzilla.suse.com/759910 SUSE Bug 759910 The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data. CVE-2013-6048 openSUSE Tumbleweed:munin-2.0.25-4.10 openSUSE Tumbleweed:munin-node-2.0.25-4.10 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6048.html CVE-2013-6048 https://bugzilla.suse.com/853570 SUSE Bug 853570 Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name. CVE-2013-6359 openSUSE Tumbleweed:munin-2.0.25-4.10 openSUSE Tumbleweed:munin-node-2.0.25-4.10 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6359.html CVE-2013-6359 https://bugzilla.suse.com/853570 SUSE Bug 853570