RHEL 7 : collectd (RHSA-2018:0560)

Critical Nessus Plugin ID 108683

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

An update for collectd is now available for RHEV 4.X RHEV-H and Agents for RHEL-7 and RHEV Engine version 4.1.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files (creating them if necessary). Because the daemon does not start up each time it updates files, it has a low system footprint.

The following packages have been upgraded to a later upstream version:
collectd (5.8.0). (BZ#1544653)

Security Fix(es) :

* collectd: double free in csnmp_read_table function in snmp.c (CVE-2017-16820)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Update the affected packages.

See Also

https://access.redhat.com/errata/RHSA-2018:0560

https://access.redhat.com/security/cve/cve-2017-16820

Plugin Details

Severity: Critical

ID: 108683

File Name: redhat-RHSA-2018-0560.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2018/03/28

Updated: 2019/03/13

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:collectd, p-cpe:/a:redhat:enterprise_linux:collectd-apache, p-cpe:/a:redhat:enterprise_linux:collectd-ascent, p-cpe:/a:redhat:enterprise_linux:collectd-bind, p-cpe:/a:redhat:enterprise_linux:collectd-ceph, p-cpe:/a:redhat:enterprise_linux:collectd-chrony, p-cpe:/a:redhat:enterprise_linux:collectd-curl, p-cpe:/a:redhat:enterprise_linux:collectd-curl_json, p-cpe:/a:redhat:enterprise_linux:collectd-curl_xml, p-cpe:/a:redhat:enterprise_linux:collectd-dbi, p-cpe:/a:redhat:enterprise_linux:collectd-debuginfo, p-cpe:/a:redhat:enterprise_linux:collectd-disk, p-cpe:/a:redhat:enterprise_linux:collectd-dns, p-cpe:/a:redhat:enterprise_linux:collectd-drbd, p-cpe:/a:redhat:enterprise_linux:collectd-email, p-cpe:/a:redhat:enterprise_linux:collectd-generic-jmx, p-cpe:/a:redhat:enterprise_linux:collectd-hugepages, p-cpe:/a:redhat:enterprise_linux:collectd-ipmi, p-cpe:/a:redhat:enterprise_linux:collectd-iptables, p-cpe:/a:redhat:enterprise_linux:collectd-ipvs, p-cpe:/a:redhat:enterprise_linux:collectd-java, p-cpe:/a:redhat:enterprise_linux:collectd-log_logstash, p-cpe:/a:redhat:enterprise_linux:collectd-lvm, p-cpe:/a:redhat:enterprise_linux:collectd-mysql, p-cpe:/a:redhat:enterprise_linux:collectd-netlink, p-cpe:/a:redhat:enterprise_linux:collectd-nginx, p-cpe:/a:redhat:enterprise_linux:collectd-notify_email, p-cpe:/a:redhat:enterprise_linux:collectd-openldap, p-cpe:/a:redhat:enterprise_linux:collectd-ping, p-cpe:/a:redhat:enterprise_linux:collectd-postgresql, p-cpe:/a:redhat:enterprise_linux:collectd-rrdcached, p-cpe:/a:redhat:enterprise_linux:collectd-rrdtool, p-cpe:/a:redhat:enterprise_linux:collectd-sensors, p-cpe:/a:redhat:enterprise_linux:collectd-smart, p-cpe:/a:redhat:enterprise_linux:collectd-snmp, p-cpe:/a:redhat:enterprise_linux:collectd-turbostat, p-cpe:/a:redhat:enterprise_linux:collectd-utils, p-cpe:/a:redhat:enterprise_linux:collectd-virt, p-cpe:/a:redhat:enterprise_linux:collectd-write_http, p-cpe:/a:redhat:enterprise_linux:collectd-write_riemann, p-cpe:/a:redhat:enterprise_linux:collectd-write_sensu, p-cpe:/a:redhat:enterprise_linux:collectd-write_tsdb, p-cpe:/a:redhat:enterprise_linux:collectd-zookeeper, p-cpe:/a:redhat:enterprise_linux:libcollectdclient, p-cpe:/a:redhat:enterprise_linux:libcollectdclient-devel, cpe:/o:redhat:enterprise_linux:7

Patch Publication Date: 2018/03/20

Vulnerability Publication Date: 2017/11/14

Reference Information

CVE: CVE-2017-16820

RHSA: 2018:0560