diff -u munin-2.0.17/debian/changelog munin-2.0.17/debian/changelog --- munin-2.0.17/debian/changelog +++ munin-2.0.17/debian/changelog @@ -1,3 +1,15 @@ +munin (2.0.17-2ubuntu1.1) saucy-security; urgency=low + + * SECURITY UPDATE: denial of service via resource exhaustion + - 40b5694727dfae6a56fb8989ab6fff14840ac254 + - 284d7402718d98fcf10cee565415939882abab99 + - CVE-2013-6048 + * SECURITY UPDATE: denial of service via service name + - 00164f5a4dec86b659ecbc3e05addb06fe7ef996 + - CVE-2013-6359 + + -- Marc Deslauriers Wed, 18 Dec 2013 09:16:22 -0500 + munin (2.0.17-2ubuntu1) saucy; urgency=low * Merge from Debian unstable. Remaining changes: only in patch2: unchanged: --- munin-2.0.17.orig/master/lib/Munin/Master/Node.pm +++ munin-2.0.17/master/lib/Munin/Master/Node.pm @@ -307,17 +307,28 @@ next if $line =~ /^\#/; if ($line =~ m{\A multigraph \s+ (.+) }xms) { - $correct++; - push_graphorder($service); $service = $1; if ($service eq 'multigraph') { - die "[ERROR] SERVICE can't be named \"$service\" in plugin $plugin on ".$self->{host}."/".$self->{address}."/".$self->{port}; + ERROR "[ERROR] SERVICE can't be named \"$service\" in plugin $plugin on ".$self->{host}."/".$self->{address}."/".$self->{port}; + $errors++; + last; } + if ($service =~ /(^\.|\.$|\.\.)/) { + ERROR "[ERROR] SERVICE \"$service\" contains dots in wrong places in plugin $plugin on ".$self->{host}."/".$self->{address}."/".$self->{port}; + $errors++; + last; + } + if ($service !~ m/^[-\w.:.]+$/) { + ERROR "[ERROR] SERVICE \"$service\" contains weird characters in plugin $plugin on ".$self->{host}."/".$self->{address}."/".$self->{port}; + $errors++; + last; + } new_service($service) unless $global_config->{$service}; DEBUG "[CONFIG multigraph $plugin] Service is now $service"; + $correct++; } elsif ($line =~ m{\A ([^\s\.]+) \s+ (.+?) \s* $}xms) { $correct++; 
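Review bot: The added allow-list test `$service !~ m/^[-\w.:.]+$/` is anchored with `$`, which in Perl also matches just before a trailing newline, and the name is captured by `(.+)` under `/s`, so a name ending in a newline would pass if `$line` can ever carry one (how `$line` is split is outside the hunk). Anchoring with `\A` and `\z` and dropping the duplicated `.` closes that: `if ($service !~ m/\A[-\w.:]+\z/) {`; the `\.$` alternative in the dot check above uses the same anchor. The same two checks are repeated in the `@@ -463` hunk of this file, so a small shared helper would keep the copies from drifting apart. The rejected name is written to the log verbatim exactly when it is known to contain unexpected characters, so non-printable bytes are worth escaping before the name is interpolated into the `ERROR` message. The enclosing sub begins and ends outside the hunk.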
@@ -463,16 +474,26 @@ next if $line =~ /^\#/; if ($line =~ m{\A multigraph \s+ (.+) }xms) { - $correct++; - $service = $1; + if ($service =~ /(^\.|\.$|\.\.)/) { + ERROR "[ERROR] SERVICE \"$service\" contains dots in wrong places in plugin $plugin on ".$self->{host}."/".$self->{address}."/".$self->{port}; + $errors++; + last; + } + if ($service !~ m/^[-\w.:.]+$/) { + ERROR "[ERROR] SERVICE \"$service\" contains weird characters in plugin $plugin on ".$self->{host}."/".$self->{address}."/".$self->{port}; + $errors++; + last; + } $values{$service} = {}; if ($service eq 'multigraph') { + $errors++; ERROR "[ERROR] SERVICE can't be named \"$service\" in plugin $plugin on ". $nodedesignation; - croak("Plugin error. Please consult the log."); + last; } + $correct++; } elsif ($line =~ m{\A ([^\.]+)\.value \s+ ([\S:]+) }xms) { my ($data_source, $value, $when) = ($1, $2, $now); only in patch2: unchanged: --- munin-2.0.17.orig/master/lib/Munin/Master/HTMLConfig.pm +++ munin-2.0.17/master/lib/Munin/Master/HTMLConfig.pm @@ -176,6 +176,7 @@ $shrinkpath; $shrinkpath =~ s/^[^\/]+\/?//, $counter++) { + die ("Munin::Master::HTMLConfig ran into an endless loop") if ($counter >= 100); $childnode->{'url' . $counter} = $shrinkpath; } @@ -218,6 +219,7 @@ $shrinkpath =~ /\//; $shrinkpath =~ s/^[^\/]+\/*//, $counter++ ) { + die ("Munin::Master::HTMLConfig ran into an endless loop") if ($counter >= 100); $obj->{'url' . $counter} = $shrinkpath; } push @$cats, $obj; @@ -317,6 +319,7 @@ $shrinkpath =~ /\//; $shrinkpath =~ s/^[^\/]+\/*//, $counter++ ) { + die ("Munin::Master::HTMLConfig ran into an endless loop") if ($counter >= 100); $ret->{'url' . $counter} = $shrinkpath; } }
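Review bot: In the `multigraph` branch `$values{$service} = {};` runs before the reserved-name test `$service eq 'multigraph'`, so the hash gets an entry for a name that is rejected two lines later. Moving that test up beside the two new checks, as the `@@ -307` hunk does before `new_service($service)`, keeps every rejection ahead of any state change; whether `%values` is discarded when `$errors` is non-zero is not visible here. The new messages also spell out `$self->{host}."/".$self->{address}."/".$self->{port}` while the existing message in the same branch uses `$nodedesignation`, so one form should be used throughout. The enclosing sub starts and ends outside the hunk.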
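Review bot: The guard `die (...) if ($counter >= 100);` caps the loop with a bare literal and aborts without saying which path triggered it, here and in the `@@ -218` and `@@ -319` hunks of HTMLConfig.pm. The step expression `s/^[^\/]+\/?//` removes nothing when it does not match, so the loop stops making progress rather than being legitimately long. Ending the loop when the substitution fails would address the cause directly and would not reject a path that really has 100 or more components. If the counter stays, define the limit once as a named constant and put the value in the message, for example `die "Munin::Master::HTMLConfig ran into an endless loop (path: $shrinkpath)" if $counter >= 100;`. Nothing in the hunks traps the `die`, so a single malformed name may stop HTML generation for every node unless a caller catches it; the loop headers begin outside the hunks.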