This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
An update for collectd is now available for RHEV 4.X RHEV-H and Agents
for RHEL-7 and RHEV Engine version 4.1.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
collectd is a small C-language daemon, which reads various system
metrics periodically and updates RRD files (creating them if
necessary). Because the daemon does not start up each time it updates
files, it has a low system footprint.
The following packages have been upgraded to a newer upstream version:
collectd (5.7.1). (BZ#1446472)
Security Fix(es) :
* collectd contains an infinite loop due to how the parse_packet() and
parse_part_sign_sha256() functions interact. If an instance of
collectd is configured with 'SecurityLevel None' and with empty
'AuthFile' options, an attacker can send crafted UDP packets that
trigger the infinite loop, causing a denial of service.
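To find hosts whose configuration matches the precondition described above, the following added example (not part of the advisory or of collectd) audits a collectd.conf for network plugin listeners with 'SecurityLevel None' and no 'AuthFile'. It assumes the network plugin's Listen syntax and treats an unset SecurityLevel as None; the sample configuration is constructed.

```python
import re

# Constructed sample collectd.conf fragment (not taken from the advisory).
SAMPLE_CONF = """
LoadPlugin network
<Plugin network>
  <Listen "0.0.0.0" "25826">
    SecurityLevel None
  </Listen>
  <Listen "192.0.2.10" "25827">
    SecurityLevel Sign
    AuthFile "/etc/collectd/passwd"
  </Listen>
  <Listen "192.0.2.11">
    # SecurityLevel Sign
    AuthFile ""
  </Listen>
  Listen "198.51.100.5" "25826"
</Plugin>
"""

LISTEN = re.compile(r'^(<)?Listen\s+([^>]+?)\s*>?\s*$', re.I)

def _check(block):
    # Assumption: a Listen block without SecurityLevel behaves as 'None'.
    level = block["opts"].get("securitylevel", "none").lower()
    exposed = level == "none" and not block["opts"].get("authfile", "")
    return [block["endpoint"]] if exposed else []

def exposed_listeners(conf_text):
    """Return Listen endpoints with SecurityLevel None and no AuthFile."""
    findings, in_network, block = [], False, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if re.match(r'<Plugin\s+"?network"?\s*>', line, re.I):
            in_network = True
        elif re.match(r'</Plugin>', line, re.I):
            in_network, block = False, None
        elif not in_network or not line:
            continue
        elif (m := LISTEN.match(line)):
            block = {"endpoint": m.group(2).replace('"', ""), "opts": {}}
            if not m.group(1):                   # one-line form: no options
                findings += _check(block); block = None
        elif line.lower() == "</listen>" and block is not None:
            findings += _check(block); block = None
        elif block is not None:                  # option inside <Listen>
            parts = line.split(None, 1)
            block["opts"][parts[0].lower()] = parts[1].strip('"') if len(parts) > 1 else ""
    return findings
```

A listener reported by exposed_listeners() matches the configuration named in the advisory and is a candidate for prioritising the collectd 5.7.1 update.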
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false