Package: munin Version: 1.2.5-1 Severity: critical Tags: security Justification: causes serious data loss
Munin recently ran amok on my backup/log-server. It dumped its RRD files on top of random files in the root-filesystem. Fortunately mostly in /usr/share/doc/ I have experienced bug #310915 as well as the occational excessive cpu-usage. None of these seemed to be worse than annoyances though. Today however, it clobbered /usr/share/backuppc/lib/BackupPC/Lib.pm which obviously broke my backups. All clobbered files end up with their original name but owner/group as munin/munin. It even replaced /usr/share/doc/libneon25/ (a directory) with an RRD-file of the same name but munin/munin as owner/group. Filesystem : ext3 Munin version was : 1.2.5-1 # uname -a Linux vaagen 2.6.18-5-xen-686 #1 SMP Mon Dec 24 20:49:58 UTC 2007 i686 GNU/Linux Since the server is a production-machine I've uninstalled munin, but I'll be happy to provide whatever other information I can. The other machines that have been running munin-node only, with various plugins have not suffered the same problems. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-xen-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages munin depends on: ii adduser 3.102 Add and remove users and groups pn libdigest-md5-perl <none> (no description available) pn libhtml-template-perl <none> (no description available) pn librrds-perl <none> (no description available) pn libtime-hires-perl <none> (no description available) ii perl [libstorable-perl] 5.8.8-7etch1 Larry Wall's Practical Extraction ii perl-modules 5.8.8-7etch1 Core Perl modules pn rrdtool <none> (no description available) Versions of packages munin recommends: pn libdate-manip-perl <none> (no description available) pn munin-node <none> (no description available) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
