ALAS-2016-739

Amazon Linux 1 Security Advisory: ALAS-2016-739
Advisory Release Date: 2016-09-01 18:00 Pacific
Advisory Updated Date: 2016-09-01 18:00 Pacific
Severity: Medium
Issue Overview:

A heap-based buffer overflow in the parse_packet function in network.c in collectd allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.


Affected Packages:

collectd


Issue Correction:
Run yum update collectd to update your system.

New Packages:
i686:
    collectd-gmond-5.4.1-1.11.amzn1.i686
    collectd-java-5.4.1-1.11.amzn1.i686
    collectd-lvm-5.4.1-1.11.amzn1.i686
    collectd-bind-5.4.1-1.11.amzn1.i686
    collectd-ipvs-5.4.1-1.11.amzn1.i686
    collectd-rrdcached-5.4.1-1.11.amzn1.i686
    collectd-generic-jmx-5.4.1-1.11.amzn1.i686
    collectd-amqp-5.4.1-1.11.amzn1.i686
    collectd-memcachec-5.4.1-1.11.amzn1.i686
    collectd-postgresql-5.4.1-1.11.amzn1.i686
    collectd-web-5.4.1-1.11.amzn1.i686
    collectd-dbi-5.4.1-1.11.amzn1.i686
    collectd-email-5.4.1-1.11.amzn1.i686
    collectd-mysql-5.4.1-1.11.amzn1.i686
    collectd-rrdtool-5.4.1-1.11.amzn1.i686
    collectd-curl_xml-5.4.1-1.11.amzn1.i686
    collectd-nginx-5.4.1-1.11.amzn1.i686
    collectd-snmp-5.4.1-1.11.amzn1.i686
    perl-Collectd-5.4.1-1.11.amzn1.i686
    collectd-curl-5.4.1-1.11.amzn1.i686
    collectd-notify_email-5.4.1-1.11.amzn1.i686
    collectd-debuginfo-5.4.1-1.11.amzn1.i686
    collectd-ipmi-5.4.1-1.11.amzn1.i686
    collectd-5.4.1-1.11.amzn1.i686
    collectd-iptables-5.4.1-1.11.amzn1.i686
    collectd-dns-5.4.1-1.11.amzn1.i686
    collectd-varnish-5.4.1-1.11.amzn1.i686
    collectd-apache-5.4.1-1.11.amzn1.i686
    collectd-netlink-5.4.1-1.11.amzn1.i686

src:
    collectd-5.4.1-1.11.amzn1.src

x86_64:
    collectd-web-5.4.1-1.11.amzn1.x86_64
    collectd-5.4.1-1.11.amzn1.x86_64
    collectd-postgresql-5.4.1-1.11.amzn1.x86_64
    collectd-gmond-5.4.1-1.11.amzn1.x86_64
    collectd-mysql-5.4.1-1.11.amzn1.x86_64
    collectd-snmp-5.4.1-1.11.amzn1.x86_64
    collectd-rrdcached-5.4.1-1.11.amzn1.x86_64
    collectd-varnish-5.4.1-1.11.amzn1.x86_64
    collectd-notify_email-5.4.1-1.11.amzn1.x86_64
    collectd-apache-5.4.1-1.11.amzn1.x86_64
    collectd-generic-jmx-5.4.1-1.11.amzn1.x86_64
    collectd-lvm-5.4.1-1.11.amzn1.x86_64
    collectd-rrdtool-5.4.1-1.11.amzn1.x86_64
    collectd-memcachec-5.4.1-1.11.amzn1.x86_64
    collectd-netlink-5.4.1-1.11.amzn1.x86_64
    collectd-java-5.4.1-1.11.amzn1.x86_64
    collectd-ipvs-5.4.1-1.11.amzn1.x86_64
    collectd-ipmi-5.4.1-1.11.amzn1.x86_64
    collectd-bind-5.4.1-1.11.amzn1.x86_64
    collectd-debuginfo-5.4.1-1.11.amzn1.x86_64
    collectd-email-5.4.1-1.11.amzn1.x86_64
    collectd-dbi-5.4.1-1.11.amzn1.x86_64
    collectd-curl_xml-5.4.1-1.11.amzn1.x86_64
    collectd-nginx-5.4.1-1.11.amzn1.x86_64
    collectd-curl-5.4.1-1.11.amzn1.x86_64
    collectd-dns-5.4.1-1.11.amzn1.x86_64
    perl-Collectd-5.4.1-1.11.amzn1.x86_64
    collectd-iptables-5.4.1-1.11.amzn1.x86_64
    collectd-amqp-5.4.1-1.11.amzn1.x86_64

Additional References

Red Hat: CVE-2016-6254

Mitre: CVE-2016-6254