Ubuntu
munin package

security update spams log file

Bug #1669764 reported by Marc Deslauriers
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
munin (Debian)
Fix Released
Unknown
munin (Ubuntu)
Fix Released
Undecided
Unassigned
Trusty
Fix Released
Undecided
Marc Deslauriers
Xenial
Fix Released
Undecided
Marc Deslauriers
Yakkety
Fix Released
Undecided
Marc Deslauriers

Bug Description

The munin security update caused a regression that is spamming the log file with:

2017/03/02 06:53:56 [PERL WARNING] Use of uninitialized value $size_x in string eq at /usr/lib/munin/cgi/munin-cgi-graph line 453.

CVE References

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

https://github.com/munin-monitoring/munin/issues/804

no longer affects: munin
Changed in munin (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in munin (Ubuntu Xenial):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in munin (Ubuntu Yakkety):
assignee: nobody → Marc Deslauriers (mdeslaur)
Bug Watch Updater (bug-watch-updater)
Changed in munin (Debian):
status: Unknown → Confirmed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package munin - 2.0.25-2ubuntu0.16.04.3

---------------
munin (2.0.25-2ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY REGRESSION: log spamming issue (LP: #1669764)
    - debian/patches/CVE-2017-6188-3.patch: use looks_like_number in
      master/_bin/munin-cgi-graph.in.

 -- Marc Deslauriers <email address hidden> Fri, 03 Mar 2017 07:19:15 -0500

Changed in munin (Ubuntu Xenial):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package munin - 2.0.19-3ubuntu0.3

---------------
munin (2.0.19-3ubuntu0.3) trusty-security; urgency=medium

  * SECURITY REGRESSION: log spamming issue (LP: #1669764)
    - master/_bin/munin-cgi-graph.in: use looks_like_number.
    - 6373554b1cc8bee886947cee598e86d1d9ea1e4a

 -- Marc Deslauriers <email address hidden> Fri, 03 Mar 2017 07:21:41 -0500

Changed in munin (Ubuntu Trusty):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package munin - 2.0.25-2ubuntu0.16.10.3

---------------
munin (2.0.25-2ubuntu0.16.10.3) yakkety-security; urgency=medium

  * SECURITY REGRESSION: log spamming issue (LP: #1669764)
    - debian/patches/CVE-2017-6188-3.patch: use looks_like_number in
      master/_bin/munin-cgi-graph.in.

 -- Marc Deslauriers <email address hidden> Fri, 03 Mar 2017 07:14:08 -0500

Changed in munin (Ubuntu Yakkety):
status: New → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in munin (Debian):
status: Confirmed → Fix Released
Revision history for this message
Nish Aravamudan (nacc) wrote :

munin/2.0.33-1 is in zesty-proposed.

Changed in munin (Ubuntu):
status: New → Fix Committed
Marc Deslauriers (mdeslaur)
Changed in munin (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.