Issued:
2018-01-30
Updated:
2018-01-30

RHSA-2018:0252 - Security Advisory

Synopsis

Moderate: collectd security update

Type/Severity

Security Advisory: Moderate

Topic

An update for collectd is now available for Red Hat OpenStack Platform 12.0 Operational Tools for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files (creating them if necessary). Because the daemon does not start up each time it updates files, it has a low system footprint.

Security Fix(es):

  • The csnmp_read_table function in the SNMP plugin of collectd, before version 5.6.3, is susceptible to a double free in a certain error case. This could lead to a crash. (CVE-2017-16820)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenStack 12 x86_64

Fixes

  • BZ - 1516447 - CVE-2017-16820 collectd: double free in csnmp_read_table function in snmp.c

CVEs

References

Red Hat OpenStack 12

SRPM
collectd-5.7.2-3.el7ost.src.rpm SHA-256: d32f1570acfbda53bd567d4ea0f6896172257688a32d6701a34038c53851254f
x86_64
collectd-5.7.2-3.el7ost.x86_64.rpm SHA-256: 4be3a907b0730089d0c501d0b8faf26c6510c01120633112c7e83fd000e08622
collectd-apache-5.7.2-3.el7ost.x86_64.rpm SHA-256: fa9beaf8549b18260e13a5ca66cca1103cf01db216f223c37267bb3801c942d1
collectd-ascent-5.7.2-3.el7ost.x86_64.rpm SHA-256: 1ab62a2e2d78e02414f36adc7c00ce8822e76245ff3e70ecc9351728195b451a
collectd-bind-5.7.2-3.el7ost.x86_64.rpm SHA-256: 0d2ceaea12dfd0913d621d1fde7cfa81ffa8e651419d3f96475734fce955c28f
collectd-ceph-5.7.2-3.el7ost.x86_64.rpm SHA-256: c9ff1f0f258d46d536005a7c68328f8473a783e19f179cf640218fdbb0c58802
collectd-curl-5.7.2-3.el7ost.x86_64.rpm SHA-256: 2593e2c118a2088706a5e757fe14104a23b51bd8c3dc6b40c16a23df4c4aa9ca
collectd-curl_json-5.7.2-3.el7ost.x86_64.rpm SHA-256: 2d01178e81818bf26171c41ce7d3e65d7277e90caf69899fa443dfa9884e1443
collectd-curl_xml-5.7.2-3.el7ost.x86_64.rpm SHA-256: 7fd5aca82c3ab7a1fccf0038d2679afcd04eb77649fa35382d3e09baf4c753a0
collectd-dbi-5.7.2-3.el7ost.x86_64.rpm SHA-256: 2dced4bcb12e054c98f24beb6b6750c468584f8c3a3e36319b1b43a9476ac929
collectd-debuginfo-5.7.2-3.el7ost.x86_64.rpm SHA-256: 19f4d5bab461f23212930db15b8d7a16edbe7c7aca670887b1b9f559f95d3517
collectd-disk-5.7.2-3.el7ost.x86_64.rpm SHA-256: 000659b21285af11c2617c196c7633c84af08937ccbccd5169e9f0caa93a1bdb
collectd-dns-5.7.2-3.el7ost.x86_64.rpm SHA-256: 2bd26fc6eccd47eb669a36edfebcbae1604a88d33e30e41788a7f712f6bfc9ad
collectd-drbd-5.7.2-3.el7ost.x86_64.rpm SHA-256: c6188b48120347e2bc89b396046a263743db07aa0d43ae118d90cafbb02d40a2
collectd-email-5.7.2-3.el7ost.x86_64.rpm SHA-256: a976b1ad73da00b20a83f63eda7b5fc2f2ac6f60ec9dec0ed150c58e4cd31dfe
collectd-generic-jmx-5.7.2-3.el7ost.x86_64.rpm SHA-256: 28c7a4c818c14d67195f0ef7cb2d6fb904ce533a068d49378f0b58d198ba2e02
collectd-hugepages-5.7.2-3.el7ost.x86_64.rpm SHA-256: 86c5390779ddd1f32deb119274fbb78ddccfa2f1e6be8fa3b0052f496fe7adbb
collectd-ipmi-5.7.2-3.el7ost.x86_64.rpm SHA-256: 24f10fe0f76ced5bba3c2fe7f7b9c26c1558affef4c287575502ce3b673f5bd2
collectd-iptables-5.7.2-3.el7ost.x86_64.rpm SHA-256: 9513a0052e13c12a74e1fad12ed8fdc1748517aab7290a43559b95b4f8d1c48b
collectd-ipvs-5.7.2-3.el7ost.x86_64.rpm SHA-256: 81b0563084f31e3bf43e9b488a385729dc370b9531be77a41d846dc39ccf3219
collectd-java-5.7.2-3.el7ost.x86_64.rpm SHA-256: 8b584696f40c5a25c569de38d1b394930f0260160ad1b7c85f823bc4741f9f77
collectd-log_logstash-5.7.2-3.el7ost.x86_64.rpm SHA-256: 13fbfb97dc0bde68b5a30c4aaec6e370f763d7a4d93f07e40857bc5d6c694599
collectd-lvm-5.7.2-3.el7ost.x86_64.rpm SHA-256: 1cb47c6aaa2d95c037b4a7656101b7106c44056e8c9160191b9f0a29a75f1ca5
collectd-mysql-5.7.2-3.el7ost.x86_64.rpm SHA-256: 95e0fcf8a28a84a96dee4a794d03248d9e4ed49e0917483da0ed0b11dfac40a4
collectd-netlink-5.7.2-3.el7ost.x86_64.rpm SHA-256: 72e4a42e8882afc1848b497d0a3c1db955815c2637546b8bae6da4d104eb3edd
collectd-nginx-5.7.2-3.el7ost.x86_64.rpm SHA-256: 8aa0e4d06c4b1a1883902437775d82c173652d50b891f2147aa5639124590d0c
collectd-notify_desktop-5.7.2-3.el7ost.x86_64.rpm SHA-256: 93621bb80d75e965ebac9c78343c72ea1ad388da76eaa70e749a7bf588f8feb4
collectd-notify_email-5.7.2-3.el7ost.x86_64.rpm SHA-256: 7b8e8ffbd42d5af3533d2bd321f2550f5586fa6eb1a5817ad9487f8d9c46b6b9
collectd-openldap-5.7.2-3.el7ost.x86_64.rpm SHA-256: 7526a5893483a364c67929f8833eaaa8e3531728581f0acce6253acebd8d4c88
collectd-ping-5.7.2-3.el7ost.x86_64.rpm SHA-256: 2752889adc30eb80b232b94bd4bc7a935d233bc1adec7a9d7a363166660f844b
collectd-postgresql-5.7.2-3.el7ost.x86_64.rpm SHA-256: 65c15c5d0797fa9da3c770c1b04fbcbfe4874dad24417f0f95b8a01684381810
collectd-rrdcached-5.7.2-3.el7ost.x86_64.rpm SHA-256: fc384c3af32ec3d289fc2b6ade12c5a0724cadebd351a04c0bf011da272291b3
collectd-rrdtool-5.7.2-3.el7ost.x86_64.rpm SHA-256: 466911de75d9b1346f39c48bc27d049a560ae50324b31fc74f894b93fb4dc19a
collectd-sensors-5.7.2-3.el7ost.x86_64.rpm SHA-256: 54dc61b9660c0fedaafe06a97c4d98ff563aa87370243ab8603a37cf3ce106e2
collectd-smart-5.7.2-3.el7ost.x86_64.rpm SHA-256: 8bc97cb9f280b6166d443eee66818804e85714fdc0fcbff59648a88fd8ddba06
collectd-snmp-5.7.2-3.el7ost.x86_64.rpm SHA-256: edff835d33db51aef40566452efb7bddfc27005121dfd575e22b2cba914e1804
collectd-turbostat-5.7.2-3.el7ost.x86_64.rpm SHA-256: be176dd820a7bbd6070b1b0bb99ef0e0ef94acb6d699fd4f883748111d454deb
collectd-utils-5.7.2-3.el7ost.x86_64.rpm SHA-256: eb0eec8e40a69f06d252252a4a71bce866844c86dc575e3fe537cf510048d31a
collectd-virt-5.7.2-3.el7ost.x86_64.rpm SHA-256: d4dc6389cc76edb286976b291af5f4cca3e907f39dc5f8c80fb81d0b85f8be29
collectd-web-5.7.2-3.el7ost.x86_64.rpm SHA-256: e90987c6e0b7c706409e58b13e34b9bf31fff11273ec786b06238e65ea2d6ddc
collectd-write_http-5.7.2-3.el7ost.x86_64.rpm SHA-256: a4ea975b883e0f9507de663c921614600b5bb5c2d1ccb914f548300527472945
collectd-write_sensu-5.7.2-3.el7ost.x86_64.rpm SHA-256: b17f831048445c09dd6b2434060697ab94361ad3a05b6e98e0051de27bc19b3b
collectd-write_tsdb-5.7.2-3.el7ost.x86_64.rpm SHA-256: 3acf242e454072cdf9b0426674d602bc67f6492bae38822fded220eb2604a09d
collectd-zookeeper-5.7.2-3.el7ost.x86_64.rpm SHA-256: c5b455b216f5a8f2ca68b479047ca2972076ac10ab40944c48c0f31965933927
libcollectdclient-5.7.2-3.el7ost.x86_64.rpm SHA-256: f6ada8a143dec1f4eaf7557586b1639b5861a7ea0281a0191af4e444eb652297
perl-Collectd-5.7.2-3.el7ost.x86_64.rpm SHA-256: 09e719ba9f7a238b03bde779465280579cb3f71a2572beccb14a44e1932a2df1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.