(RHSA-2017:1285) Moderate: collectd security, bug fix, and enhancement update

2017-05-2409:19:41

access.redhat.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

81.2%

JSON

collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files (creating them if necessary). Because the daemon does not start up each time it updates files, it has a low system footprint.

The following packages have been upgraded to a newer upstream version: collectd (5.7.1). (BZ#1446472)

Security Fix(es):

collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with “SecurityLevel None” and with empty “AuthFile” options an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of service. (CVE-2017-7401)

OSVersionArchitecturePackageVersionFilename
RedHat7ppc64lecollectd-chrony< 5.7.1-4.el7collectd-chrony-5.7.1-4.el7.ppc64le.rpm
RedHat7ppc64lecollectd-rrdcached< 5.7.1-4.el7collectd-rrdcached-5.7.1-4.el7.ppc64le.rpm
RedHat7ppc64lecollectd-write_sensu< 5.7.1-4.el7collectd-write_sensu-5.7.1-4.el7.ppc64le.rpm
RedHat7x86_64collectd-dbi< 5.7.1-4.el7collectd-dbi-5.7.1-4.el7.x86_64.rpm
RedHat7ppc64lecollectd-postgresql< 5.7.1-4.el7collectd-postgresql-5.7.1-4.el7.ppc64le.rpm
RedHat7ppc64lelibcollectdclient-devel< 5.7.1-4.el7libcollectdclient-devel-5.7.1-4.el7.ppc64le.rpm
RedHat7x86_64collectd-dns< 5.7.1-4.el7collectd-dns-5.7.1-4.el7.x86_64.rpm
RedHat7ppc64lecollectd-zookeeper< 5.7.1-4.el7collectd-zookeeper-5.7.1-4.el7.ppc64le.rpm
RedHat7x86_64collectd-turbostat< 5.7.1-4.el7collectd-turbostat-5.7.1-4.el7.x86_64.rpm
RedHat7ppc64lecollectd-curl_json< 5.7.1-4.el7collectd-curl_json-5.7.1-4.el7.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	ppc64le	collectd-chrony	< 5.7.1-4.el7	collectd-chrony-5.7.1-4.el7.ppc64le.rpm
RedHat	7	ppc64le	collectd-rrdcached	< 5.7.1-4.el7	collectd-rrdcached-5.7.1-4.el7.ppc64le.rpm
RedHat	7	ppc64le	collectd-write_sensu	< 5.7.1-4.el7	collectd-write_sensu-5.7.1-4.el7.ppc64le.rpm
RedHat	7	x86_64	collectd-dbi	< 5.7.1-4.el7	collectd-dbi-5.7.1-4.el7.x86_64.rpm
RedHat	7	ppc64le	collectd-postgresql	< 5.7.1-4.el7	collectd-postgresql-5.7.1-4.el7.ppc64le.rpm
RedHat	7	ppc64le	libcollectdclient-devel	< 5.7.1-4.el7	libcollectdclient-devel-5.7.1-4.el7.ppc64le.rpm
RedHat	7	x86_64	collectd-dns	< 5.7.1-4.el7	collectd-dns-5.7.1-4.el7.x86_64.rpm
RedHat	7	ppc64le	collectd-zookeeper	< 5.7.1-4.el7	collectd-zookeeper-5.7.1-4.el7.ppc64le.rpm
RedHat	7	x86_64	collectd-turbostat	< 5.7.1-4.el7	collectd-turbostat-5.7.1-4.el7.x86_64.rpm
RedHat	7	ppc64le	collectd-curl_json	< 5.7.1-4.el7	collectd-curl_json-5.7.1-4.el7.ppc64le.rpm