Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in Munin
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Munin
ID: FEDORA-2013-22993
Distribution: Fedora
Plattformen: Fedora 18
Datum: Di, 17. Dezember 2013, 07:48
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6359
Applikationen: Munin

Originalnachricht

Name        : munin
Product : Fedora 18
Version : 2.0.19
Release : 1.fc18
URL : http://munin-monitoring.org/
Summary : Network-wide graphing framework (grapher/gatherer)
Description :
Munin is a highly flexible and powerful solution used to create graphs
of virtually everything imaginable throughout your network, while still
maintaining a rattling ease of installation and configuration.

This package contains the grapher/gatherer. You will only need one instance of
it in your network. It will periodically poll all the nodes in your network
it's aware of for data, which it in turn will use to create graphs and HTML
pages, suitable for viewing with your graphical web browser of choice.

Munin is written in Perl, and relies heavily on Tobi Oetiker's excellent
RRDtool.

Creaete a munin web user after installing:
htpasswd -bc /etc/munin/munin-htpasswd MUNIN_WEB_USER PASSWORD

-------------------------------------------------------------------------------
-
Update Information:

Upstream update to 2.0.19, fixes CVE-2013-6359
-------------------------------------------------------------------------------
-
ChangeLog:

* Sun Dec 8 2013 drjohnson1@gmail.com - 2.0.19-1
- Upstream to 2.0.19
* Sun Dec 8 2013 drjohnson1@gmail.com - 2.0.18-2
- Modifying hostname require for f21
* Sat Dec 7 2013 drjohnson1@gmail.com - 2.0.18-1
- BZ# 1037890,1037889,1037888: CVE-2013-6359
* Tue Sep 24 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.17-6
- Move Net::IP plugins to a subpackage for dep handling
* Fri Aug 16 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.17-5
- BZ# 993985: munin possibly affected by F-20 unversioned docdir change
* Sat Aug 3 2013 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 2.0.17-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Aug 1 2013 Petr Pisar <ppisar@redhat.com> - 2.0.17-3
- Perl 5.18 rebuild
* Sat Jul 27 2013 Jóhann B. Guðmundsson <johannbg@fedoraproject.org> -
2.0.17-2
- BZ# 989080 Add a missing requirement on crontabs to spec file
* Sat Jul 20 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.17-1
- Upstream release 2.0.17
* Tue Jun 4 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.16-1
- Upstream released 2.0.16
* Sat Jun 1 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.15-1
- Upstream released 2.0.15
* Wed May 22 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.14-2
- Corrected bugid 905241 references
* Sat May 11 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.14-1
- Upstream released 2.0.14
* Fri Apr 26 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.13-1
- Upstream released 2.0.13
* Thu Apr 4 2013 Viljo Viitanen <viljo.viitanen@iki.fi> - 2.0.12-4
- BZ #905241 add nginx cgi package, removed unnecessary services from apache
cgi package
* Mon Apr 1 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.12-3
- Add fw_ default config
* Sun Mar 24 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.12-2
- BZ# 917002 minor edits for asyncd
* Fri Mar 22 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.12-1
- Upstream release 2.0.12
* Sat Mar 9 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.11.1-3
- Update systemd scriptlets
* Fri Feb 22 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.11.1-2
- BZ# 913111 Removed R:webserver because it pulls boa .. and no clean way to
prefer apache.
- BZ# 917002 munin-asyncd should wait for munin-node
* Sat Feb 9 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.11.1-1
- Upstream version 2.0.11.1
* Thu Feb 7 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.11-4
- BZ# 908711 munin-async: wrong path in init script
* Wed Feb 6 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.11-3
- Split out tomcat plugin to remove ruby dep from node.
* Mon Feb 4 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.11-2
- BZ# 907369 revert HTMLOld.pm patch
* Sun Feb 3 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.11-1
- Upstream release 2.0.11
* Mon Jan 21 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.10-2
- BZ# 896644 Wrong path to munin jar in jmx plugin
* Wed Jan 9 2013 D. Johnson <fenris02@fedoraproject.org> - 2.0.10-1
- Update to 2.0.10
- BZ# 891940,892377 Only stop/restart services provided by sub-package, not
deps.
- BZ# 881689 Fix config file so that it no longer references the build host
- BZ# 877116 Patch using '&' in the URLs instead of
'&amp;' in HTMLConfig
* Fri Dec 21 2012 D. Johnson <fenris02@fedoraproject.org> - 2.0.9-4
- Use Makefile.config-dist instead of sed.
- BZ# 890246,890247 "su" directive is not used in epel5/6 logrotate
* Sun Dec 9 2012 D. Johnson <fenris02@fedoraproject.org> - 2.0.9-3
- Add documentation links for async
- BZ# 885422 Move munin-node logs to /var/log/munin-node/
- BZ# 877166 Convert '&' to '&amp;' in HTMLConfig.pm
for validation
* Thu Dec 6 2012 D. Johnson <fenris02@fedoraproject.org> - 2.0.9-2
- Require: LWP::UserAgent for plugins
- BZ# 861816 Add simplified files for switching to FCGI
- BZ# 880505 Change logrotate files to include su directive
* Thu Dec 6 2012 D. Johnson <fenris02@fedoraproject.org> - 2.0.9-1
- Update to 2.0.9
* Fri Nov 30 2012 D. Johnson <fenris02@fedoraproject.org> - 2.0.8-3
- BZ# 880505 munin logrotate permissions fix.
* Tue Nov 13 2012 D. Johnson <fenris02@fedoraproject.org> - 2.0.8-2
- Added cgitmp patch c/o Diego Elio Pettenò <flameeyes@flameeyes.eu>
- BZ# 861816 Add sample files for switching to FCGI
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1037888 - CVE-2013-6048 CVE-2013-6359 munin: two denial of service
flaws fixed in 2.0.18
https://bugzilla.redhat.com/show_bug.cgi?id=1037888
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update munin' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung