Medium: collectd

2017-05-19T03:37:00
ID ALAS-2017-829
Type amazon
Reporter Amazon
Modified 2017-05-19T03:37:00

Description

Issue Overview:

Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions:
Collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with "SecurityLevel None" and with empty "AuthFile" options an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of service. (CVE-2017-7401 __)

Affected Packages:

collectd

Issue Correction:
Run yum update collectd to update your system.

New Packages:

i686:  
    collectd-rrdtool-5.7.1-3.18.amzn1.i686  
    collectd-memcachec-5.7.1-3.18.amzn1.i686  
    collectd-rrdcached-5.7.1-3.18.amzn1.i686  
    collectd-curl_xml-5.7.1-3.18.amzn1.i686  
    collectd-hugepages-5.7.1-3.18.amzn1.i686  
    collectd-python-5.7.1-3.18.amzn1.i686  
    libcollectdclient-5.7.1-3.18.amzn1.i686  
    collectd-chrony-5.7.1-3.18.amzn1.i686  
    collectd-gmond-5.7.1-3.18.amzn1.i686  
    collectd-email-5.7.1-3.18.amzn1.i686  
    collectd-netlink-5.7.1-3.18.amzn1.i686  
    collectd-generic-jmx-5.7.1-3.18.amzn1.i686  
    collectd-write_http-5.7.1-3.18.amzn1.i686  
    collectd-postgresql-5.7.1-3.18.amzn1.i686  
    collectd-amqp-5.7.1-3.18.amzn1.i686  
    collectd-zookeeper-5.7.1-3.18.amzn1.i686  
    collectd-dns-5.7.1-3.18.amzn1.i686  
    collectd-5.7.1-3.18.amzn1.i686  
    collectd-apache-5.7.1-3.18.amzn1.i686  
    collectd-dbi-5.7.1-3.18.amzn1.i686  
    collectd-lvm-5.7.1-3.18.amzn1.i686  
    collectd-web-5.7.1-3.18.amzn1.i686  
    collectd-bind-5.7.1-3.18.amzn1.i686  
    collectd-java-5.7.1-3.18.amzn1.i686  
    collectd-varnish-5.7.1-3.18.amzn1.i686  
    collectd-iptables-5.7.1-3.18.amzn1.i686  
    collectd-debuginfo-5.7.1-3.18.amzn1.i686  
    collectd-write_sensu-5.7.1-3.18.amzn1.i686  
    collectd-write_tsdb-5.7.1-3.18.amzn1.i686  
    collectd-snmp-5.7.1-3.18.amzn1.i686  
    collectd-utils-5.7.1-3.18.amzn1.i686  
    collectd-ipmi-5.7.1-3.18.amzn1.i686  
    collectd-curl-5.7.1-3.18.amzn1.i686  
    collectd-drbd-5.7.1-3.18.amzn1.i686  
    libcollectdclient-devel-5.7.1-3.18.amzn1.i686  
    collectd-nginx-5.7.1-3.18.amzn1.i686  
    collectd-notify_email-5.7.1-3.18.amzn1.i686  
    collectd-mysql-5.7.1-3.18.amzn1.i686  
    perl-Collectd-5.7.1-3.18.amzn1.i686  
    collectd-lua-5.7.1-3.18.amzn1.i686  
    collectd-ipvs-5.7.1-3.18.amzn1.i686  
    collectd-openldap-5.7.1-3.18.amzn1.i686

src:  
    collectd-5.7.1-3.18.amzn1.src

x86_64:  
    collectd-memcachec-5.7.1-3.18.amzn1.x86_64  
    collectd-curl_xml-5.7.1-3.18.amzn1.x86_64  
    collectd-bind-5.7.1-3.18.amzn1.x86_64  
    collectd-lua-5.7.1-3.18.amzn1.x86_64  
    collectd-java-5.7.1-3.18.amzn1.x86_64  
    collectd-snmp-5.7.1-3.18.amzn1.x86_64  
    collectd-write_sensu-5.7.1-3.18.amzn1.x86_64  
    collectd-dns-5.7.1-3.18.amzn1.x86_64  
    libcollectdclient-5.7.1-3.18.amzn1.x86_64  
    collectd-apache-5.7.1-3.18.amzn1.x86_64  
    collectd-ipmi-5.7.1-3.18.amzn1.x86_64  
    collectd-lvm-5.7.1-3.18.amzn1.x86_64  
    collectd-chrony-5.7.1-3.18.amzn1.x86_64  
    collectd-mysql-5.7.1-3.18.amzn1.x86_64  
    collectd-nginx-5.7.1-3.18.amzn1.x86_64  
    collectd-netlink-5.7.1-3.18.amzn1.x86_64  
    collectd-varnish-5.7.1-3.18.amzn1.x86_64  
    collectd-amqp-5.7.1-3.18.amzn1.x86_64  
    collectd-iptables-5.7.1-3.18.amzn1.x86_64  
    perl-Collectd-5.7.1-3.18.amzn1.x86_64  
    collectd-drbd-5.7.1-3.18.amzn1.x86_64  
    collectd-python-5.7.1-3.18.amzn1.x86_64  
    collectd-generic-jmx-5.7.1-3.18.amzn1.x86_64  
    collectd-email-5.7.1-3.18.amzn1.x86_64  
    collectd-postgresql-5.7.1-3.18.amzn1.x86_64  
    collectd-5.7.1-3.18.amzn1.x86_64  
    collectd-write_http-5.7.1-3.18.amzn1.x86_64  
    collectd-web-5.7.1-3.18.amzn1.x86_64  
    collectd-debuginfo-5.7.1-3.18.amzn1.x86_64  
    collectd-dbi-5.7.1-3.18.amzn1.x86_64  
    collectd-openldap-5.7.1-3.18.amzn1.x86_64  
    collectd-rrdcached-5.7.1-3.18.amzn1.x86_64  
    collectd-notify_email-5.7.1-3.18.amzn1.x86_64  
    libcollectdclient-devel-5.7.1-3.18.amzn1.x86_64  
    collectd-zookeeper-5.7.1-3.18.amzn1.x86_64  
    collectd-rrdtool-5.7.1-3.18.amzn1.x86_64  
    collectd-utils-5.7.1-3.18.amzn1.x86_64  
    collectd-write_tsdb-5.7.1-3.18.amzn1.x86_64  
    collectd-curl-5.7.1-3.18.amzn1.x86_64  
    collectd-ipvs-5.7.1-3.18.amzn1.x86_64  
    collectd-hugepages-5.7.1-3.18.amzn1.x86_64  
    collectd-gmond-5.7.1-3.18.amzn1.x86_64