
[SECURITY] [DLA 884-1] collectd security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : collectd
Version        : 5.1.0-3+deb7u3
CVE ID         : CVE-2017-7401
Debian Bug     : #859494

It was discovered that there was an infinite loop vulnerability in collectd, a
statistics collection and monitoring daemon.

When a correct "Signature part" is received by an instance configured without
the AuthFile option, an endless loop occurs in the parse_packet routine due to
a missing pointer increment to the next unprocessed part.

For Debian 7 "Wheezy", this issue has been fixed in collectd version
5.1.0-3+deb7u3.

We recommend that you upgrade your collectd packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
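
The missing-increment condition described above, as an added example that is not collectd's code: a simplified part walker with a progress check that turns a non-advancing iteration into an error instead of an endless loop. The part layout (2-byte type, 2-byte length, big-endian), the 0x0200 type id, `parse_parts`, its flags and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PART_HDR  4       /* assumed layout: 2-byte type + 2-byte length */
#define TYPE_SIGN 0x0200  /* assumed type id of the signature part */

/* Constructed sample: a signature part (dummy 4-byte body, not a real
 * signature) followed by one ordinary part. */
static const uint8_t SAMPLE_PKT[] = {
  0x02, 0x00, 0x00, 0x08, 0, 0, 0, 0,
  0x00, 0x00, 0x00, 0x06, 'h', 0
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walks the parts in buf. Returns the number of parts, -1 on malformed
 * input, -2 if an iteration consumed no bytes.
 * skip_advances == 0 models the pre-fix behaviour: with no AuthFile the
 * signature part is ignored but the cursor is left where it was. */
int parse_parts(const uint8_t *buf, size_t len, int have_authfile,
                int skip_advances)
{
  int parts = 0;
  while (len > 0) {
    const uint8_t *before = buf;
    if (len < PART_HDR) return -1;
    uint16_t type = be16(buf), plen = be16(buf + 2);
    if (plen < PART_HDR || plen > len) return -1;  /* bad length field */
    if (type == TYPE_SIGN && !have_authfile) {
      /* Nothing to verify against, so the part is ignored. The fix is
       * to still step past it to the next unprocessed part. */
      if (skip_advances) { buf += plen; len -= plen; }
    } else {
      /* A real parser would verify or dispatch on type here. */
      buf += plen; len -= plen;
    }
    if (buf == before) return -2;  /* progress invariant: always consume */
    parts++;
  }
  return parts;
}

int main(void)
{
  printf("with increment:    %d\n", parse_parts(SAMPLE_PKT, sizeof SAMPLE_PKT, 0, 1));
  printf("without increment: %d\n", parse_parts(SAMPLE_PKT, sizeof SAMPLE_PKT, 0, 0));
  return 0;
}
```

Without the `buf == before` check, the second call would never return, which is the condition the update removes.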


