Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 3 articles for you...
89
security advisoryfedorasoftware fixFedora 37: 2022-02f3c7a859 Minor: Systemd Security Patch Addressed
stop building for ix86 and armv7hl due to missing build dependency x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362] x86 pv: Insufficient care with non-coherent mappings [ XSA-402, CVE-2022-26363, CVE-2022-26364] ---- Split qemu-user-static into per-arch subpackages (bz 2061584). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-0142d562ca 2022-06-22 00:46:07.353356 --------------------------------------------------------------------------------Name : collectd Product : Fedora 36 Version : 5.12.0 Release : 16.fc36 URL : https://collectd.org/ Summary : Statistics collection daemon for filling RRD files Description : collectd is a daemon which collects system performance statistics periodically and provides mechanisms to store the values in a variety of ways, for example in RRD files. --------------------------------------------------------------------------------Update Information: stop building for ix86 and armv7hl due to missing build dependency x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362] x86 pv: Insufficient care with non-coherent mappings [ XSA-402, CVE-2022-26363, CVE-2022-26364] ---- Split qemu-user-static into per-arch subpackages (bz 2061584) --------------------------------------------------------------------------------ChangeLog: * Sat Jun 11 2022 Cole Robinson - 5.12.0-16 - Adjust for Xen dropping i686 support --------------------------------------------------------------------------------References: [ 1 ] Bug #2061584 - qemu-user-static needs to be broken into separate package per arch. https://bugzilla.redhat.com/show_bug.cgi?id=2061584 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-0142d562ca' at the command line. For more information, refer to the dnf documentationavailable at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jun 21, 2022
•Important
Fedora
98
security advisorymoderate severitysystem monitoringRed Hat OpenStack 10 Moderate: Collectd Security Fix RHSA-2018-1605
Updated collectd packages are now available for Red Hat OpenStack Platform 10.0 Operational Tools for RHEL 7. Red Hat Product Security has rated this update as having a security impact of. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: collectd security update Advisory ID: RHSA-2018:1605-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2018:1605 Issue date: 2018-05-17 CVE Names: CVE-2017-16820 ==================================================================== 1. Summary: Updated collectd packages are now available for Red Hat OpenStack Platform 10.0 Operational Tools for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 10.0 Operational Tools for RHEL 7 - x86_64 3. Description: Red Hat OpenStack Platform Operational Tools provides the facilities for monitoring a private or public Red Hat OpenStack Platform cloud. collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files (creating them if necessary). Because the daemon does not start up each time it updates files, it has a low system footprint. Security fix: * collectd: double free in csnmp_read_table function in snmp.c (CVE-2017-16820) For more details about the security issue, including impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. Red Hat OpenStack Platform 10 runs on Red Hat EnterpriseLinux 7.5. The Red Hat OpenStack Platform 10 Release Notes contain the following: * An explanation of the way in which the provided components interact to form a working cloud computing environment. * Technology Previews, Recommended Practices, and Known Issues. * The channels required for Red Hat OpenStack Platform 10, including which channels need to be enabled and disabled. The Release Notes are available at: This update is available through 'yum update' on systems registered through Red Hat Subscription Manager. For more information about Red Hat Subscription Manager, see: nt/1/html/RHSM/index.html 5. Bugs fixed (https://bugzilla.redhat.com/): 1516447 - CVE-2017-16820 collectd: double free in csnmp_read_table function in snmp.c 1550149 - [UPDATES]Failed to on dependencies if collectd sub-packages are installed 6. Package List: Red Hat OpenStack Platform 10.0 Operational Tools for RHEL7: Source: collectd-5.8.0-10.el7ost.src.rpm intel-cmt-cat-1.0.1-1.el7ost.src.rpm x86_64: collectd-5.8.0-10.el7ost.x86_64.rpm collectd-apache-5.8.0-10.el7ost.x86_64.rpm collectd-ascent-5.8.0-10.el7ost.x86_64.rpm collectd-bind-5.8.0-10.el7ost.x86_64.rpm collectd-ceph-5.8.0-10.el7ost.x86_64.rpm collectd-curl-5.8.0-10.el7ost.x86_64.rpm collectd-curl_json-5.8.0-10.el7ost.x86_64.rpm collectd-curl_xml-5.8.0-10.el7ost.x86_64.rpm collectd-dbi-5.8.0-10.el7ost.x86_64.rpm collectd-debuginfo-5.8.0-10.el7ost.x86_64.rpm collectd-disk-5.8.0-10.el7ost.x86_64.rpm collectd-dns-5.8.0-10.el7ost.x86_64.rpm collectd-drbd-5.8.0-10.el7ost.x86_64.rpm collectd-email-5.8.0-10.el7ost.x86_64.rpm collectd-generic-jmx-5.8.0-10.el7ost.x86_64.rpm collectd-ipmi-5.8.0-10.el7ost.x86_64.rpm collectd-iptables-5.8.0-10.el7ost.x86_64.rpm collectd-ipvs-5.8.0-10.el7ost.x86_64.rpm collectd-java-5.8.0-10.el7ost.x86_64.rpm collectd-log_logstash-5.8.0-10.el7ost.x86_64.rpm collectd-mcelog-5.8.0-10.el7ost.x86_64.rpm collectd-memcachec-5.8.0-10.el7ost.x86_64.rpm collectd-mysql-5.8.0-10.el7ost.x86_64.rpm collectd-netlink-5.8.0-10.el7ost.x86_64.rpm collectd-nginx-5.8.0-10.el7ost.x86_64.rpm collectd-notify_email-5.8.0-10.el7ost.x86_64.rpm collectd-openldap-5.8.0-10.el7ost.x86_64.rpm collectd-ovs-events-5.8.0-10.el7ost.x86_64.rpm collectd-ovs-stats-5.8.0-10.el7ost.x86_64.rpm collectd-ping-5.8.0-10.el7ost.x86_64.rpm collectd-postgresql-5.8.0-10.el7ost.x86_64.rpm collectd-python-5.8.0-10.el7ost.x86_64.rpm collectd-rdt-5.8.0-10.el7ost.x86_64.rpm collectd-rrdcached-5.8.0-10.el7ost.x86_64.rpm collectd-rrdtool-5.8.0-10.el7ost.x86_64.rpm collectd-sensors-5.8.0-10.el7ost.x86_64.rpm collectd-smart-5.8.0-10.el7ost.x86_64.rpm collectd-snmp-5.8.0-10.el7ost.x86_64.rpm collectd-snmp-agent-5.8.0-10.el7ost.x86_64.rpm collectd-turbostat-5.8.0-10.el7ost.x86_64.rpm collectd-utils-5.8.0-10.el7ost.x86_64.rpm collectd-virt-5.8.0-10.el7ost.x86_64.rpm collectd-write_http-5.8.0-10.el7ost.x86_64.rpm collectd-write_sensu-5.8.0-10.el7ost.x86_64.rpm collectd-write_tsdb-5.8.0-10.el7ost.x86_64.rpm collectd-zookeeper-5.8.0-10.el7ost.x86_64.rpm intel-cmt-cat-1.0.1-1.el7ost.x86_64.rpm libcollectdclient-5.8.0-10.el7ost.x86_64.rpm perl-Collectd-5.8.0-10.el7ost.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2017-16820 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWv2fStzjgjWX9erEAQi2uA/+OEDMby47/e/vOXPZ/VVeiUzist1i2ATp NifJGxcQr4BU7NeO7A/AVi7uJEnOfZ5eDIfDUV30XutnWV1NUcaY4l4n0ezJTHtZ 05DYEIqfg/ZaSRvbEdMdJzgz7GhcpwMGKuTsKzu2lcRFBUheAwAr8nRGSRGGeFfc qRiVry+oZr/smAXmAt5IgG1VPpOD1RGrtzCH4KyOJNtEJqlmRsCouRRqLIEX8bLn lt907OueLYiYw3KC488MY20hnCsGZJTdUwCAPG/3VeqirbTS//S1yeSsKug4Gls1 YTSHW2LS3GHHrwrRUGRr2oZnQlbSDwz+kmH4HNxrzhpaIfKCFKoNA+UtyBkhov6S Pt1WBZcGMHQXDbEyl9lDfYj8QUcnqSd/Ezsfvazzy8+oqGtmq/cM1q5zIi2L2HJJ bv+BVja57Ydk2g3NqERxxpflS5FxoR88bXmFDLgrnGHisf5iehKZ6BHE9x0JGci4 Uc85AU6guYiaT5EcOCY/05z2zA5h4tRNrnFocFU6N6gYPjH18yTWa1IiU2PFidL9 7Jq0E9AL1gP7eLGoBac2n0eCzIe3bS+oo1wr4QE0FkqKBDDLpZaFY+3/iK6pY6Or HsidxC9BhIYbGRmyE/HBAey5VEH2zXWYzPool3P+9qUeZDtzzGd8QkA2c1YdUFL/ 5BD6zoMmAlc=qPF8 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 17, 2018
Red Hat
91
security advisoryGentoohigh severityGentoo: GLSA-201803-10 High: collectd Privilege Escalation Risk
Gentoo's collectd package contains multiple vulnerabilities, the worst of which may allow local attackers to escalate privileges.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201803-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: collectd: Multiple vulnerabilities Date: March 22, 2018 Bugs: #628540, #637538 ID: 201803-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Gentoo's collectd package contains multiple vulnerabilities, the worst of which may allow local attackers to escalate privileges. Background ========= collectd is a daemon which collects system and application performance metrics periodically and provides mechanisms to store the values in a variety of ways, for example in RRD files. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-admin/collectd < 5.7.2-r1 > = 5.7.2-r1 Description ========== Multiple vulnerabilities have been found in Gentoo's collectd package. Please review the referenced CVE identifiers and bug entries for details. Impact ===== A local attacker, who either is already collectd's system user or belongs to collectd's group, could potentially gain root privileges and cause a Denial of Service condition. Remote attackers could cause a Denial of Service condition via specially crafted SNMP responses. Workaround ========= There is no known workaround at this time. Resolution ========= All collectd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/collectd-5.7.2-r1" References ========= [ 1 ] CVE-2017-16820 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16820 [ 2 ] CVE-2017-18240 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18240 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201803-10 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Mar 22, 2018
Gentoo
98
security advisorymoderatered hatRed Hat RHEV 4.1: RHSA-2018-0560-01 Moderate: Collectd Double Free Issue
An update for collectd is now available for RHEV 4.X RHEV-H and Agents for RHEL-7 and RHEV Engine version 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: collectd security, bug fix, and enhancement update Advisory ID: RHSA-2018:0560-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2018:0560 Issue date: 2018-03-20 CVE Names: CVE-2017-16820 ==================================================================== 1. Summary: An update for collectd is now available for RHEV 4.X RHEV-H and Agents for RHEL-7 and RHEV Engine version 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - ppc64le, x86_64 Red Hat Virtualization Manager 4.1 - x86_64 3. Description: collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files (creating them if necessary). Because the daemon does not start up each time it updates files, it has a low system footprint. The following packages have been upgraded to a later upstream version: collectd (5.8.0). (BZ#1544653) Security Fix(es): * collectd: double free in csnmp_read_table function in snmp.c (CVE-2017-16820) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, whichincludes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1516447 - CVE-2017-16820 collectd: double free in csnmp_read_table function in snmp.c 1544653 - [downstream clone - 4.1.10] Upgrade collectd to 5.8.0 6. Package List: Red Hat Virtualization 4 Management Agent for RHEL 7Hosts: Source: collectd-5.8.0-3.el7.src.rpm ppc64le: collectd-5.8.0-3.el7.ppc64le.rpm collectd-apache-5.8.0-3.el7.ppc64le.rpm collectd-ascent-5.8.0-3.el7.ppc64le.rpm collectd-bind-5.8.0-3.el7.ppc64le.rpm collectd-ceph-5.8.0-3.el7.ppc64le.rpm collectd-chrony-5.8.0-3.el7.ppc64le.rpm collectd-curl-5.8.0-3.el7.ppc64le.rpm collectd-curl_json-5.8.0-3.el7.ppc64le.rpm collectd-curl_xml-5.8.0-3.el7.ppc64le.rpm collectd-dbi-5.8.0-3.el7.ppc64le.rpm collectd-debuginfo-5.8.0-3.el7.ppc64le.rpm collectd-disk-5.8.0-3.el7.ppc64le.rpm collectd-dns-5.8.0-3.el7.ppc64le.rpm collectd-drbd-5.8.0-3.el7.ppc64le.rpm collectd-email-5.8.0-3.el7.ppc64le.rpm collectd-generic-jmx-5.8.0-3.el7.ppc64le.rpm collectd-hugepages-5.8.0-3.el7.ppc64le.rpm collectd-ipmi-5.8.0-3.el7.ppc64le.rpm collectd-iptables-5.8.0-3.el7.ppc64le.rpm collectd-ipvs-5.8.0-3.el7.ppc64le.rpm collectd-java-5.8.0-3.el7.ppc64le.rpm collectd-log_logstash-5.8.0-3.el7.ppc64le.rpm collectd-lvm-5.8.0-3.el7.ppc64le.rpm collectd-mysql-5.8.0-3.el7.ppc64le.rpm collectd-netlink-5.8.0-3.el7.ppc64le.rpm collectd-nginx-5.8.0-3.el7.ppc64le.rpm collectd-notify_email-5.8.0-3.el7.ppc64le.rpm collectd-openldap-5.8.0-3.el7.ppc64le.rpm collectd-ping-5.8.0-3.el7.ppc64le.rpm collectd-postgresql-5.8.0-3.el7.ppc64le.rpm collectd-rrdcached-5.8.0-3.el7.ppc64le.rpm collectd-rrdtool-5.8.0-3.el7.ppc64le.rpm collectd-sensors-5.8.0-3.el7.ppc64le.rpm collectd-smart-5.8.0-3.el7.ppc64le.rpm collectd-snmp-5.8.0-3.el7.ppc64le.rpm collectd-utils-5.8.0-3.el7.ppc64le.rpm collectd-virt-5.8.0-3.el7.ppc64le.rpm collectd-write_http-5.8.0-3.el7.ppc64le.rpm collectd-write_sensu-5.8.0-3.el7.ppc64le.rpm collectd-write_tsdb-5.8.0-3.el7.ppc64le.rpm collectd-zookeeper-5.8.0-3.el7.ppc64le.rpm libcollectdclient-5.8.0-3.el7.ppc64le.rpm libcollectdclient-devel-5.8.0-3.el7.ppc64le.rpm x86_64: collectd-5.8.0-3.el7.x86_64.rpm collectd-apache-5.8.0-3.el7.x86_64.rpm collectd-ascent-5.8.0-3.el7.x86_64.rpm collectd-bind-5.8.0-3.el7.x86_64.rpm collectd-ceph-5.8.0-3.el7.x86_64.rpm collectd-chrony-5.8.0-3.el7.x86_64.rpm collectd-curl-5.8.0-3.el7.x86_64.rpm collectd-curl_json-5.8.0-3.el7.x86_64.rpm collectd-curl_xml-5.8.0-3.el7.x86_64.rpm collectd-dbi-5.8.0-3.el7.x86_64.rpm collectd-debuginfo-5.8.0-3.el7.x86_64.rpm collectd-disk-5.8.0-3.el7.x86_64.rpm collectd-dns-5.8.0-3.el7.x86_64.rpm collectd-drbd-5.8.0-3.el7.x86_64.rpm collectd-email-5.8.0-3.el7.x86_64.rpm collectd-generic-jmx-5.8.0-3.el7.x86_64.rpm collectd-hugepages-5.8.0-3.el7.x86_64.rpm collectd-ipmi-5.8.0-3.el7.x86_64.rpm collectd-iptables-5.8.0-3.el7.x86_64.rpm collectd-ipvs-5.8.0-3.el7.x86_64.rpm collectd-java-5.8.0-3.el7.x86_64.rpm collectd-log_logstash-5.8.0-3.el7.x86_64.rpm collectd-lvm-5.8.0-3.el7.x86_64.rpm collectd-mysql-5.8.0-3.el7.x86_64.rpm collectd-netlink-5.8.0-3.el7.x86_64.rpm collectd-nginx-5.8.0-3.el7.x86_64.rpm collectd-notify_email-5.8.0-3.el7.x86_64.rpm collectd-openldap-5.8.0-3.el7.x86_64.rpm collectd-ping-5.8.0-3.el7.x86_64.rpm collectd-postgresql-5.8.0-3.el7.x86_64.rpm collectd-rrdcached-5.8.0-3.el7.x86_64.rpm collectd-rrdtool-5.8.0-3.el7.x86_64.rpm collectd-sensors-5.8.0-3.el7.x86_64.rpm collectd-smart-5.8.0-3.el7.x86_64.rpm collectd-snmp-5.8.0-3.el7.x86_64.rpm collectd-turbostat-5.8.0-3.el7.x86_64.rpm collectd-utils-5.8.0-3.el7.x86_64.rpm collectd-virt-5.8.0-3.el7.x86_64.rpm collectd-write_http-5.8.0-3.el7.x86_64.rpm collectd-write_riemann-5.8.0-3.el7.x86_64.rpm collectd-write_sensu-5.8.0-3.el7.x86_64.rpm collectd-write_tsdb-5.8.0-3.el7.x86_64.rpm collectd-zookeeper-5.8.0-3.el7.x86_64.rpm libcollectdclient-5.8.0-3.el7.x86_64.rpm libcollectdclient-devel-5.8.0-3.el7.x86_64.rpm Red Hat Virtualization Manager4.1: Source: collectd-5.8.0-3.el7.src.rpm x86_64: collectd-5.8.0-3.el7.x86_64.rpm collectd-apache-5.8.0-3.el7.x86_64.rpm collectd-ascent-5.8.0-3.el7.x86_64.rpm collectd-bind-5.8.0-3.el7.x86_64.rpm collectd-ceph-5.8.0-3.el7.x86_64.rpm collectd-chrony-5.8.0-3.el7.x86_64.rpm collectd-curl-5.8.0-3.el7.x86_64.rpm collectd-curl_json-5.8.0-3.el7.x86_64.rpm collectd-curl_xml-5.8.0-3.el7.x86_64.rpm collectd-dbi-5.8.0-3.el7.x86_64.rpm collectd-debuginfo-5.8.0-3.el7.x86_64.rpm collectd-disk-5.8.0-3.el7.x86_64.rpm collectd-dns-5.8.0-3.el7.x86_64.rpm collectd-drbd-5.8.0-3.el7.x86_64.rpm collectd-email-5.8.0-3.el7.x86_64.rpm collectd-generic-jmx-5.8.0-3.el7.x86_64.rpm collectd-hugepages-5.8.0-3.el7.x86_64.rpm collectd-ipmi-5.8.0-3.el7.x86_64.rpm collectd-iptables-5.8.0-3.el7.x86_64.rpm collectd-ipvs-5.8.0-3.el7.x86_64.rpm collectd-java-5.8.0-3.el7.x86_64.rpm collectd-log_logstash-5.8.0-3.el7.x86_64.rpm collectd-lvm-5.8.0-3.el7.x86_64.rpm collectd-mysql-5.8.0-3.el7.x86_64.rpm collectd-netlink-5.8.0-3.el7.x86_64.rpm collectd-nginx-5.8.0-3.el7.x86_64.rpm collectd-notify_email-5.8.0-3.el7.x86_64.rpm collectd-openldap-5.8.0-3.el7.x86_64.rpm collectd-ping-5.8.0-3.el7.x86_64.rpm collectd-postgresql-5.8.0-3.el7.x86_64.rpm collectd-rrdcached-5.8.0-3.el7.x86_64.rpm collectd-rrdtool-5.8.0-3.el7.x86_64.rpm collectd-sensors-5.8.0-3.el7.x86_64.rpm collectd-smart-5.8.0-3.el7.x86_64.rpm collectd-snmp-5.8.0-3.el7.x86_64.rpm collectd-turbostat-5.8.0-3.el7.x86_64.rpm collectd-utils-5.8.0-3.el7.x86_64.rpm collectd-virt-5.8.0-3.el7.x86_64.rpm collectd-write_http-5.8.0-3.el7.x86_64.rpm collectd-write_sensu-5.8.0-3.el7.x86_64.rpm collectd-write_tsdb-5.8.0-3.el7.x86_64.rpm collectd-zookeeper-5.8.0-3.el7.x86_64.rpm libcollectdclient-5.8.0-3.el7.x86_64.rpm libcollectdclient-devel-5.8.0-3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2017-16820 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFasTi3XlSAg2UNWIIRAr8UAJ9+UCTsHkGSF5JcHxaRwAtH16TfwwCeM3+3 BE6dWSHe0Y4+cH5BOziNFPU=6s+3 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Mar 20, 2018
Red Hat
89
security advisorycriticalsoftware updateFedora 27: FEDORA-2017-f47206eae4 Critical: Collectd Double Free
Upstream released new version. See for the list of changes. Fixes CVE-2017-16820 (double free in snmp plugin). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-f47206eae4 2017-12-10 03:53:15.787247 --------------------------------------------------------------------------------Name : collectd Product : Fedora 27 Version : 5.8.0 Release : 2.fc27 URL : https://collectd.org/ Summary : Statistics collection daemon for filling RRD files Description : collectd is a daemon which collects system performance statistics periodically and provides mechanisms to store the values in a variety of ways, for example in RRD files. --------------------------------------------------------------------------------Update Information: Upstream released new version. See for the list of changes. Fixes CVE-2017-16820 (double free in snmp plugin) --------------------------------------------------------------------------------References: [ 1 ] Bug #1516450 - CVE-2017-16820 collectd: double free in csnmp_read_table function in snmp.c [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1516450 [ 2 ] Bug #1516449 - CVE-2017-16820 collectd: double free in csnmp_read_table function in snmp.c [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1516449 [ 3 ] Bug #1516451 - CVE-2017-16820 collectd: double free in csnmp_read_table function in snmp.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1516451 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade collectd' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Dec 10, 2017
•Critical
Fedora
89
security advisorymoderateFedoraFedora 26: 2017-f9cfcef9d6 Moderate: collectd SNMP Plugin Double Free
Upstream released new version. See for the list of changes. Fixes CVE-2017-16820 (double free in snmp plugin). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-f9cfcef9d6 2017-12-09 21:09:01.033184 --------------------------------------------------------------------------------Name : collectd Product : Fedora 26 Version : 5.8.0 Release : 2.fc26 URL : https://collectd.org/ Summary : Statistics collection daemon for filling RRD files Description : collectd is a daemon which collects system performance statistics periodically and provides mechanisms to store the values in a variety of ways, for example in RRD files. --------------------------------------------------------------------------------Update Information: Upstream released new version. See for the list of changes. Fixes CVE-2017-16820 (double free in snmp plugin) --------------------------------------------------------------------------------References: [ 1 ] Bug #1516450 - CVE-2017-16820 collectd: double free in csnmp_read_table function in snmp.c [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1516450 [ 2 ] Bug #1516449 - CVE-2017-16820 collectd: double free in csnmp_read_table function in snmp.c [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1516449 [ 3 ] Bug #1516451 - CVE-2017-16820 collectd: double free in csnmp_read_table function in snmp.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1516451 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade collectd' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Dec 09, 2017
•Important
Fedora
89
security advisorysecurity updatecriticalFedora: Critical Security Update for Collectd SNMP Plugin Double Free
Upstream released new version. See for the list of changes. Fixes CVE-2017-16820 (double free in snmp plugin). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-d7ab32cc23 2017-12-09 03:57:17.174234 --------------------------------------------------------------------------------Name : collectd Product : Fedora 25 Version : 5.8.0 Release : 2.fc25 URL : Summary : Statistics collection daemon for filling RRD files Description : collectd is a daemon which collects system performance statistics periodically and provides mechanisms to store the values in a variety of ways, for example in RRD files. --------------------------------------------------------------------------------Update Information: Upstream released new version. See for the list of changes. Fixes CVE-2017-16820 (double free in snmp plugin) --------------------------------------------------------------------------------References: [ 1 ] Bug #1516450 - CVE-2017-16820 collectd: double free in csnmp_read_table function in snmp.c [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1516450 [ 2 ] Bug #1516449 - CVE-2017-16820 collectd: double free in csnmp_read_table function in snmp.c [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1516449 [ 3 ] Bug #1516451 - CVE-2017-16820 collectd: double free in csnmp_read_table function in snmp.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1516451 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade collectd' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Dec 09, 2017
•Critical
Fedora
89
security advisorymoderateFedoraFedora 24: FEDORA-2017-6b639afc9c Moderate: collectd Infinite Loop
Fix CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions. This is a bug in the network plugin.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-6b639afc9c 2017-04-25 12:28:36.811916 --------------------------------------------------------------------------------Name : collectd Product : Fedora 24 Version : 5.6.2 Release : 1.fc24 URL : https://collectd.org/ Summary : Statistics collection daemon for filling RRD files Description : collectd is a daemon which collects system performance statistics periodically and provides mechanisms to store the values in a variety of ways, for example in RRD files. --------------------------------------------------------------------------------Update Information: Fix CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions. This is a bug in the network plugin. --------------------------------------------------------------------------------References: [ 1 ] Bug #1439674 - CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions https://bugzilla.redhat.com/show_bug.cgi?id=1439674 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade collectd' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Apr 25, 2017
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!