(RHSA-2018:0560) Moderate: collectd security, bug fix, and enhancement update

2018-03-2016:16:12

access.redhat.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.4%

JSON

collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files (creating them if necessary). Because the daemon does not start up each time it updates files, it has a low system footprint.

The following packages have been upgraded to a later upstream version: collectd (5.8.0). (BZ#1544653)

Security Fix(es):

collectd: double free in csnmp_read_table function in snmp.c (CVE-2017-16820)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7ppc64lecollectd-java< 5.8.0-3.el7collectd-java-5.8.0-3.el7.ppc64le.rpm
RedHat7ppc64lecollectd-snmp< 5.8.0-3.el7collectd-snmp-5.8.0-3.el7.ppc64le.rpm
RedHat7x86_64collectd-openldap< 5.8.0-3.el7collectd-openldap-5.8.0-3.el7.x86_64.rpm
RedHat7x86_64collectd-smart< 5.8.0-3.el7collectd-smart-5.8.0-3.el7.x86_64.rpm
RedHat7x86_64collectd-sensors< 5.8.0-3.el7collectd-sensors-5.8.0-3.el7.x86_64.rpm
RedHat7ppc64lecollectd-notify_email< 5.8.0-3.el7collectd-notify_email-5.8.0-3.el7.ppc64le.rpm
RedHat7x86_64collectd-rrdcached< 5.8.0-3.el7collectd-rrdcached-5.8.0-3.el7.x86_64.rpm
RedHat7ppc64lelibcollectdclient< 5.8.0-3.el7libcollectdclient-5.8.0-3.el7.ppc64le.rpm
RedHat7x86_64collectd-bind< 5.8.0-3.el7collectd-bind-5.8.0-3.el7.x86_64.rpm
RedHat7ppc64lecollectd-chrony< 5.8.0-3.el7collectd-chrony-5.8.0-3.el7.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	ppc64le	collectd-java	< 5.8.0-3.el7	collectd-java-5.8.0-3.el7.ppc64le.rpm
RedHat	7	ppc64le	collectd-snmp	< 5.8.0-3.el7	collectd-snmp-5.8.0-3.el7.ppc64le.rpm
RedHat	7	x86_64	collectd-openldap	< 5.8.0-3.el7	collectd-openldap-5.8.0-3.el7.x86_64.rpm
RedHat	7	x86_64	collectd-smart	< 5.8.0-3.el7	collectd-smart-5.8.0-3.el7.x86_64.rpm
RedHat	7	x86_64	collectd-sensors	< 5.8.0-3.el7	collectd-sensors-5.8.0-3.el7.x86_64.rpm
RedHat	7	ppc64le	collectd-notify_email	< 5.8.0-3.el7	collectd-notify_email-5.8.0-3.el7.ppc64le.rpm
RedHat	7	x86_64	collectd-rrdcached	< 5.8.0-3.el7	collectd-rrdcached-5.8.0-3.el7.x86_64.rpm
RedHat	7	ppc64le	libcollectdclient	< 5.8.0-3.el7	libcollectdclient-5.8.0-3.el7.ppc64le.rpm
RedHat	7	x86_64	collectd-bind	< 5.8.0-3.el7	collectd-bind-5.8.0-3.el7.x86_64.rpm
RedHat	7	ppc64le	collectd-chrony	< 5.8.0-3.el7	collectd-chrony-5.8.0-3.el7.ppc64le.rpm