Christoph Biedl

**Name of the Vulnerable Software and Affected Versions** Munin versions prior to 2.0.18 **Description** The issue allows remote nodes to cause a denial of service, resulting in an infinite loop and memory consumption in the munin-html process. This is achieved via crafted multigraph data sent to the `get group tree` function. Multiple vulnerabilities in the Munin package of the Debian GNU/Linux operating system can lead to a disruption in the availability of protected information, and exploitation can be carried out remotely. **Recommendations** For versions prior to 2.0.18, update to version 2.0.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the `get group tree` function in lib/Munin/Master/HTMLConfig.pm to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Munin versions prior to 2.0.18 **Description** The issue allows remote attackers to cause a denial of service, specifically aborting data collection for a node, by utilizing a plugin with a particular service name, `multigraph`, as a multigraph service name. Multiple vulnerabilities in the Munin package of the Debian GNU/Linux operating system can lead to disruption of protected information availability, and these vulnerabilities can be exploited remotely. **Recommendations** For versions prior to 2.0.18, update to version 2.0.18 or later to resolve the issue. As a temporary workaround, consider restricting the use of plugins that utilize the `multigraph` service name to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** dhcp3-server versions 3.0.4 through 3.1.1 dhcp version prior to 3.1.2 p1 dhcp3-client (affected versions not specified) dhcp3-relay (affected versions not specified) dhcp3-dev (affected versions not specified) dhcp3-client-udeb (affected versions not specified) dhcp3-server-ldap (affected versions not specified) dhcp3-common (affected versions not specified) **Description** The issue involves multiple vulnerabilities in the DHCP package of Debian GNU/Linux, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The vulnerabilities in dhcpd, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allow remote attackers to cause a denial of service via unspecified requests. **Recommendations** For dhcp3-server versions 3.0.4 through 3.1.1, update to a version later than 3.1.1. For dhcp version prior to 3.1.2 p1, update to version 3.1.2 p1 or later. For dhcp3-client, dhcp3-relay, dhcp3-dev, dhcp3-client-udeb, dhcp3-server-ldap, and dhcp3-common, at the moment, there is no information about a newer version that contains a fix for this vulnerability.