Issued:

2017-05-24

Updated:

2017-07-17

RHSA-2017:1285 - Moderate: collectd security, bug fix, and enhancement update

Synopsis

Moderate: collectd security, bug fix, and enhancement update

Type/Severity

Security Advisory Moderate

Topic

An update for collectd is now available for RHEV 4.X RHEV-H and Agents for RHEL-7 and RHEV Engine version 4.1.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files (creating them if necessary). Because the daemon does not start up each time it updates files, it has a low system footprint.

The following packages have been upgraded to a newer upstream version: collectd (5.7.1). (BZ#1446472)

Security Fix(es):

• collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with "SecurityLevel None" and with empty "AuthFile" options an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of service. (CVE-2017-7401)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Updated Packages

• collectd-apache-5.7.1-4.el7.x86_64.rpm
• collectd-5.7.1-4.el7.x86_64.rpm
• libcollectdclient-5.7.1-4.el7.ppc64le.rpm
• collectd-chrony-5.7.1-4.el7.ppc64le.rpm
• collectd-ipvs-5.7.1-4.el7.x86_64.rpm
• collectd-notify_email-5.7.1-4.el7.ppc64le.rpm
• collectd-curl_xml-5.7.1-4.el7.ppc64le.rpm
• collectd-email-5.7.1-4.el7.ppc64le.rpm
• collectd-hugepages-5.7.1-4.el7.ppc64le.rpm
• collectd-iptables-5.7.1-4.el7.x86_64.rpm
• collectd-ipmi-5.7.1-4.el7.x86_64.rpm
• collectd-disk-5.7.1-4.el7.ppc64le.rpm
• collectd-ping-5.7.1-4.el7.ppc64le.rpm
• collectd-rrdtool-5.7.1-4.el7.x86_64.rpm
• collectd-log_logstash-5.7.1-4.el7.ppc64le.rpm
• libcollectdclient-5.7.1-4.el7.x86_64.rpm
• collectd-sensors-5.7.1-4.el7.x86_64.rpm
• collectd-log_logstash-5.7.1-4.el7.x86_64.rpm
• collectd-write_riemann-5.7.1-4.el7.x86_64.rpm
• collectd-lvm-5.7.1-4.el7.x86_64.rpm
• collectd-nginx-5.7.1-4.el7.ppc64le.rpm
• collectd-ipmi-5.7.1-4.el7.ppc64le.rpm
• collectd-ceph-5.7.1-4.el7.ppc64le.rpm
• collectd-notify_desktop-5.7.1-4.el7.x86_64.rpm
• collectd-write_http-5.7.1-4.el7.ppc64le.rpm
• collectd-dns-5.7.1-4.el7.ppc64le.rpm
• collectd-utils-5.7.1-4.el7.x86_64.rpm
• collectd-notify_email-5.7.1-4.el7.x86_64.rpm
• collectd-snmp-5.7.1-4.el7.ppc64le.rpm
• collectd-netlink-5.7.1-4.el7.x86_64.rpm
• collectd-smart-5.7.1-4.el7.ppc64le.rpm
• collectd-curl-5.7.1-4.el7.x86_64.rpm
• collectd-postgresql-5.7.1-4.el7.ppc64le.rpm
• collectd-generic-jmx-5.7.1-4.el7.x86_64.rpm
• collectd-ceph-5.7.1-4.el7.x86_64.rpm
• collectd-ascent-5.7.1-4.el7.ppc64le.rpm
• collectd-rrdtool-5.7.1-4.el7.ppc64le.rpm
• collectd-virt-5.7.1-4.el7.x86_64.rpm
• collectd-nginx-5.7.1-4.el7.x86_64.rpm
• collectd-notify_desktop-5.7.1-4.el7.ppc64le.rpm
• collectd-hugepages-5.7.1-4.el7.x86_64.rpm
• collectd-zookeeper-5.7.1-4.el7.ppc64le.rpm
• collectd-lvm-5.7.1-4.el7.ppc64le.rpm
• collectd-iptables-5.7.1-4.el7.ppc64le.rpm
• collectd-curl_xml-5.7.1-4.el7.x86_64.rpm
• collectd-5.7.1-4.el7.ppc64le.rpm
• collectd-postgresql-5.7.1-4.el7.x86_64.rpm
• collectd-bind-5.7.1-4.el7.x86_64.rpm
• collectd-openldap-5.7.1-4.el7.x86_64.rpm
• collectd-virt-5.7.1-4.el7.ppc64le.rpm
• collectd-snmp-5.7.1-4.el7.x86_64.rpm
• collectd-generic-jmx-5.7.1-4.el7.ppc64le.rpm
• collectd-bind-5.7.1-4.el7.ppc64le.rpm
• collectd-netlink-5.7.1-4.el7.ppc64le.rpm
• collectd-openldap-5.7.1-4.el7.ppc64le.rpm
• collectd-write_sensu-5.7.1-4.el7.ppc64le.rpm
• collectd-zookeeper-5.7.1-4.el7.x86_64.rpm
• collectd-chrony-5.7.1-4.el7.x86_64.rpm
• collectd-write_tsdb-5.7.1-4.el7.x86_64.rpm
• collectd-ascent-5.7.1-4.el7.x86_64.rpm
• collectd-rrdcached-5.7.1-4.el7.x86_64.rpm
• collectd-java-5.7.1-4.el7.x86_64.rpm
• collectd-5.7.1-4.el7.src.rpm
• collectd-mysql-5.7.1-4.el7.x86_64.rpm
• collectd-write_http-5.7.1-4.el7.x86_64.rpm
• collectd-ipvs-5.7.1-4.el7.ppc64le.rpm
• collectd-write_tsdb-5.7.1-4.el7.ppc64le.rpm
• collectd-drbd-5.7.1-4.el7.x86_64.rpm
• collectd-dbi-5.7.1-4.el7.ppc64le.rpm
• libcollectdclient-devel-5.7.1-4.el7.ppc64le.rpm
• collectd-disk-5.7.1-4.el7.x86_64.rpm
• collectd-curl_json-5.7.1-4.el7.x86_64.rpm
• collectd-drbd-5.7.1-4.el7.ppc64le.rpm
• collectd-smart-5.7.1-4.el7.x86_64.rpm
• collectd-write_sensu-5.7.1-4.el7.x86_64.rpm
• collectd-apache-5.7.1-4.el7.ppc64le.rpm
• collectd-dbi-5.7.1-4.el7.x86_64.rpm
• collectd-rrdcached-5.7.1-4.el7.ppc64le.rpm
• collectd-utils-5.7.1-4.el7.ppc64le.rpm
• collectd-debuginfo-5.7.1-4.el7.ppc64le.rpm
• collectd-mysql-5.7.1-4.el7.ppc64le.rpm
• collectd-sensors-5.7.1-4.el7.ppc64le.rpm
• collectd-email-5.7.1-4.el7.x86_64.rpm
• collectd-ping-5.7.1-4.el7.x86_64.rpm
• libcollectdclient-devel-5.7.1-4.el7.x86_64.rpm
• collectd-curl_json-5.7.1-4.el7.ppc64le.rpm
• collectd-dns-5.7.1-4.el7.x86_64.rpm
• collectd-curl-5.7.1-4.el7.ppc64le.rpm
• collectd-debuginfo-5.7.1-4.el7.x86_64.rpm
• collectd-java-5.7.1-4.el7.ppc64le.rpm
• collectd-turbostat-5.7.1-4.el7.x86_64.rpm

Fixes

• This content is not included.BZ - 1439674
• This content is not included.BZ - 1446472

CVEs

• CVE-2017-7401

References

• https://access.redhat.com/security/updates/classification/#moderate

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.