Red Hat Security Advisory 2018-0560-01

Red Hat Security Advisory 2018-0560-01: Posted Mar 20, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-0560-01 - collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files. Because the daemon does not start up each time it updates files, it has a low system footprint. The following packages have been upgraded to a later upstream version: collectd. Issues addressed include a double-free issue.; tags | advisory; systems | linux, redhat; advisories | CVE-2017-16820; SHA-256 | 309beb40670f2053c28b04a6381d084db570ca83d6a0cf6702820c0308f4e93a; Download | Favorite | View

Red Hat Security Advisory 2018-0560-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: collectd security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:0560-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0560
Issue date:        2018-03-20
CVE Names:         CVE-2017-16820 
=====================================================================

1. Summary:

An update for collectd is now available for RHEV 4.X RHEV-H and Agents for
RHEL-7 and RHEV Engine version 4.1.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - ppc64le, x86_64
Red Hat Virtualization Manager 4.1 - x86_64

3. Description:

collectd is a small C-language daemon, which reads various system metrics
periodically and updates RRD files (creating them if necessary). Because
the daemon does not start up each time it updates files, it has a low
system footprint.

The following packages have been upgraded to a later upstream version:
collectd (5.8.0). (BZ#1544653)

Security Fix(es):

* collectd: double free in csnmp_read_table function in snmp.c
(CVE-2017-16820)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1516447 - CVE-2017-16820 collectd: double free in csnmp_read_table function in snmp.c
1544653 - [downstream clone - 4.1.10] Upgrade collectd to 5.8.0

6. Package List:

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:

Source:
collectd-5.8.0-3.el7.src.rpm

ppc64le:
collectd-5.8.0-3.el7.ppc64le.rpm
collectd-apache-5.8.0-3.el7.ppc64le.rpm
collectd-ascent-5.8.0-3.el7.ppc64le.rpm
collectd-bind-5.8.0-3.el7.ppc64le.rpm
collectd-ceph-5.8.0-3.el7.ppc64le.rpm
collectd-chrony-5.8.0-3.el7.ppc64le.rpm
collectd-curl-5.8.0-3.el7.ppc64le.rpm
collectd-curl_json-5.8.0-3.el7.ppc64le.rpm
collectd-curl_xml-5.8.0-3.el7.ppc64le.rpm
collectd-dbi-5.8.0-3.el7.ppc64le.rpm
collectd-debuginfo-5.8.0-3.el7.ppc64le.rpm
collectd-disk-5.8.0-3.el7.ppc64le.rpm
collectd-dns-5.8.0-3.el7.ppc64le.rpm
collectd-drbd-5.8.0-3.el7.ppc64le.rpm
collectd-email-5.8.0-3.el7.ppc64le.rpm
collectd-generic-jmx-5.8.0-3.el7.ppc64le.rpm
collectd-hugepages-5.8.0-3.el7.ppc64le.rpm
collectd-ipmi-5.8.0-3.el7.ppc64le.rpm
collectd-iptables-5.8.0-3.el7.ppc64le.rpm
collectd-ipvs-5.8.0-3.el7.ppc64le.rpm
collectd-java-5.8.0-3.el7.ppc64le.rpm
collectd-log_logstash-5.8.0-3.el7.ppc64le.rpm
collectd-lvm-5.8.0-3.el7.ppc64le.rpm
collectd-mysql-5.8.0-3.el7.ppc64le.rpm
collectd-netlink-5.8.0-3.el7.ppc64le.rpm
collectd-nginx-5.8.0-3.el7.ppc64le.rpm
collectd-notify_email-5.8.0-3.el7.ppc64le.rpm
collectd-openldap-5.8.0-3.el7.ppc64le.rpm
collectd-ping-5.8.0-3.el7.ppc64le.rpm
collectd-postgresql-5.8.0-3.el7.ppc64le.rpm
collectd-rrdcached-5.8.0-3.el7.ppc64le.rpm
collectd-rrdtool-5.8.0-3.el7.ppc64le.rpm
collectd-sensors-5.8.0-3.el7.ppc64le.rpm
collectd-smart-5.8.0-3.el7.ppc64le.rpm
collectd-snmp-5.8.0-3.el7.ppc64le.rpm
collectd-utils-5.8.0-3.el7.ppc64le.rpm
collectd-virt-5.8.0-3.el7.ppc64le.rpm
collectd-write_http-5.8.0-3.el7.ppc64le.rpm
collectd-write_sensu-5.8.0-3.el7.ppc64le.rpm
collectd-write_tsdb-5.8.0-3.el7.ppc64le.rpm
collectd-zookeeper-5.8.0-3.el7.ppc64le.rpm
libcollectdclient-5.8.0-3.el7.ppc64le.rpm
libcollectdclient-devel-5.8.0-3.el7.ppc64le.rpm

x86_64:
collectd-5.8.0-3.el7.x86_64.rpm
collectd-apache-5.8.0-3.el7.x86_64.rpm
collectd-ascent-5.8.0-3.el7.x86_64.rpm
collectd-bind-5.8.0-3.el7.x86_64.rpm
collectd-ceph-5.8.0-3.el7.x86_64.rpm
collectd-chrony-5.8.0-3.el7.x86_64.rpm
collectd-curl-5.8.0-3.el7.x86_64.rpm
collectd-curl_json-5.8.0-3.el7.x86_64.rpm
collectd-curl_xml-5.8.0-3.el7.x86_64.rpm
collectd-dbi-5.8.0-3.el7.x86_64.rpm
collectd-debuginfo-5.8.0-3.el7.x86_64.rpm
collectd-disk-5.8.0-3.el7.x86_64.rpm
collectd-dns-5.8.0-3.el7.x86_64.rpm
collectd-drbd-5.8.0-3.el7.x86_64.rpm
collectd-email-5.8.0-3.el7.x86_64.rpm
collectd-generic-jmx-5.8.0-3.el7.x86_64.rpm
collectd-hugepages-5.8.0-3.el7.x86_64.rpm
collectd-ipmi-5.8.0-3.el7.x86_64.rpm
collectd-iptables-5.8.0-3.el7.x86_64.rpm
collectd-ipvs-5.8.0-3.el7.x86_64.rpm
collectd-java-5.8.0-3.el7.x86_64.rpm
collectd-log_logstash-5.8.0-3.el7.x86_64.rpm
collectd-lvm-5.8.0-3.el7.x86_64.rpm
collectd-mysql-5.8.0-3.el7.x86_64.rpm
collectd-netlink-5.8.0-3.el7.x86_64.rpm
collectd-nginx-5.8.0-3.el7.x86_64.rpm
collectd-notify_email-5.8.0-3.el7.x86_64.rpm
collectd-openldap-5.8.0-3.el7.x86_64.rpm
collectd-ping-5.8.0-3.el7.x86_64.rpm
collectd-postgresql-5.8.0-3.el7.x86_64.rpm
collectd-rrdcached-5.8.0-3.el7.x86_64.rpm
collectd-rrdtool-5.8.0-3.el7.x86_64.rpm
collectd-sensors-5.8.0-3.el7.x86_64.rpm
collectd-smart-5.8.0-3.el7.x86_64.rpm
collectd-snmp-5.8.0-3.el7.x86_64.rpm
collectd-turbostat-5.8.0-3.el7.x86_64.rpm
collectd-utils-5.8.0-3.el7.x86_64.rpm
collectd-virt-5.8.0-3.el7.x86_64.rpm
collectd-write_http-5.8.0-3.el7.x86_64.rpm
collectd-write_riemann-5.8.0-3.el7.x86_64.rpm
collectd-write_sensu-5.8.0-3.el7.x86_64.rpm
collectd-write_tsdb-5.8.0-3.el7.x86_64.rpm
collectd-zookeeper-5.8.0-3.el7.x86_64.rpm
libcollectdclient-5.8.0-3.el7.x86_64.rpm
libcollectdclient-devel-5.8.0-3.el7.x86_64.rpm

Red Hat Virtualization Manager 4.1:

Source:
collectd-5.8.0-3.el7.src.rpm

x86_64:
collectd-5.8.0-3.el7.x86_64.rpm
collectd-apache-5.8.0-3.el7.x86_64.rpm
collectd-ascent-5.8.0-3.el7.x86_64.rpm
collectd-bind-5.8.0-3.el7.x86_64.rpm
collectd-ceph-5.8.0-3.el7.x86_64.rpm
collectd-chrony-5.8.0-3.el7.x86_64.rpm
collectd-curl-5.8.0-3.el7.x86_64.rpm
collectd-curl_json-5.8.0-3.el7.x86_64.rpm
collectd-curl_xml-5.8.0-3.el7.x86_64.rpm
collectd-dbi-5.8.0-3.el7.x86_64.rpm
collectd-debuginfo-5.8.0-3.el7.x86_64.rpm
collectd-disk-5.8.0-3.el7.x86_64.rpm
collectd-dns-5.8.0-3.el7.x86_64.rpm
collectd-drbd-5.8.0-3.el7.x86_64.rpm
collectd-email-5.8.0-3.el7.x86_64.rpm
collectd-generic-jmx-5.8.0-3.el7.x86_64.rpm
collectd-hugepages-5.8.0-3.el7.x86_64.rpm
collectd-ipmi-5.8.0-3.el7.x86_64.rpm
collectd-iptables-5.8.0-3.el7.x86_64.rpm
collectd-ipvs-5.8.0-3.el7.x86_64.rpm
collectd-java-5.8.0-3.el7.x86_64.rpm
collectd-log_logstash-5.8.0-3.el7.x86_64.rpm
collectd-lvm-5.8.0-3.el7.x86_64.rpm
collectd-mysql-5.8.0-3.el7.x86_64.rpm
collectd-netlink-5.8.0-3.el7.x86_64.rpm
collectd-nginx-5.8.0-3.el7.x86_64.rpm
collectd-notify_email-5.8.0-3.el7.x86_64.rpm
collectd-openldap-5.8.0-3.el7.x86_64.rpm
collectd-ping-5.8.0-3.el7.x86_64.rpm
collectd-postgresql-5.8.0-3.el7.x86_64.rpm
collectd-rrdcached-5.8.0-3.el7.x86_64.rpm
collectd-rrdtool-5.8.0-3.el7.x86_64.rpm
collectd-sensors-5.8.0-3.el7.x86_64.rpm
collectd-smart-5.8.0-3.el7.x86_64.rpm
collectd-snmp-5.8.0-3.el7.x86_64.rpm
collectd-turbostat-5.8.0-3.el7.x86_64.rpm
collectd-utils-5.8.0-3.el7.x86_64.rpm
collectd-virt-5.8.0-3.el7.x86_64.rpm
collectd-write_http-5.8.0-3.el7.x86_64.rpm
collectd-write_sensu-5.8.0-3.el7.x86_64.rpm
collectd-write_tsdb-5.8.0-3.el7.x86_64.rpm
collectd-zookeeper-5.8.0-3.el7.x86_64.rpm
libcollectdclient-5.8.0-3.el7.x86_64.rpm
libcollectdclient-devel-5.8.0-3.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-16820
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFasTi3XlSAg2UNWIIRAr8UAJ9+UCTsHkGSF5JcHxaRwAtH16TfwwCeM3+3
BE6dWSHe0Y4+cH5BOziNFPU=
=6s+3
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Red Hat Security Advisory 2018-0560-01

Red Hat Security Advisory 2018-0560-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2018-0560-01

Share This

Red Hat Security Advisory 2018-0560-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems