ALAS-2017-829


Amazon Linux AMI Security Advisory: ALAS-2017-829
Advisory Release Date: 2017-05-19 03:37 Pacific
Severity: Medium
References: CVE-2017-7401

Issue Overview:

Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions:
Collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with "SecurityLevel None" and with empty "AuthFile" options, an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of service. (CVE-2017-7401)
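
To find listeners that match the configuration described above, the following added example (not part of the original advisory and not collectd project code) scans collectd.conf text for network plugin listeners with SecurityLevel None and no AuthFile. It assumes the network plugin's <Listen> block syntax and that an unset SecurityLevel defaults to None; the sample configuration and the name audit_listeners are constructed for illustration.

```python
import re

# Constructed sample config (not from the advisory), in collectd.conf syntax.
SAMPLE_CONF = '''
<Plugin network>
  <Listen "0.0.0.0" "25826">
    SecurityLevel None
  </Listen>
  <Listen "10.0.0.5" "25827">
    SecurityLevel Sign
    AuthFile "/etc/collectd/auth_file"
  </Listen>
  # Listen "192.0.2.1"
  Listen "ff18::efc0:4a42" "25826"
</Plugin>
'''

def audit_listeners(conf_text):
    """Return [(line_no, listen_args)] for listeners with SecurityLevel None and no AuthFile."""
    findings, in_network, cur = [], False, None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments (assumes no '#' inside values)
        if not line:
            continue
        if re.match(r'<Plugin\s+"?network"?\s*>', line, re.I):
            in_network = True
        elif re.match(r"</Plugin>", line, re.I):
            in_network = False
        elif not in_network:
            continue  # only the network plugin accepts UDP packets from peers
        elif m := re.match(r"<Listen\s+(.*?)\s*>$", line, re.I):
            # Assumed defaults for a new block: SecurityLevel None, no AuthFile.
            cur = {"line": no, "args": m.group(1), "level": "none", "authfile": ""}
        elif cur and re.match(r"</Listen>", line, re.I):
            if cur["level"] == "none" and not cur["authfile"]:
                findings.append((cur["line"], cur["args"]))
            cur = None
        elif cur:
            key, *rest = line.split(None, 1)  # option names are case-insensitive
            value = rest[0].strip('"') if rest else ""
            if key.lower() == "securitylevel":
                cur["level"] = value.lower()
            elif key.lower() == "authfile":
                cur["authfile"] = value
        elif m := re.match(r"Listen\s+(.*)$", line, re.I):
            findings.append((no, m.group(1)))  # one-line form carries no options
    return findings

if __name__ == "__main__":
    print(audit_listeners(SAMPLE_CONF))
```

A listener reported here is only exposed on an unpatched build, so pair the result with a check of the installed collectd package version against the New Packages list.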


Affected Packages:

collectd


Issue Correction:
Run yum update collectd to update your system.

New Packages:
i686:
    collectd-rrdtool-5.7.1-3.18.amzn1.i686
    collectd-memcachec-5.7.1-3.18.amzn1.i686
    collectd-rrdcached-5.7.1-3.18.amzn1.i686
    collectd-curl_xml-5.7.1-3.18.amzn1.i686
    collectd-hugepages-5.7.1-3.18.amzn1.i686
    collectd-python-5.7.1-3.18.amzn1.i686
    libcollectdclient-5.7.1-3.18.amzn1.i686
    collectd-chrony-5.7.1-3.18.amzn1.i686
    collectd-gmond-5.7.1-3.18.amzn1.i686
    collectd-email-5.7.1-3.18.amzn1.i686
    collectd-netlink-5.7.1-3.18.amzn1.i686
    collectd-generic-jmx-5.7.1-3.18.amzn1.i686
    collectd-write_http-5.7.1-3.18.amzn1.i686
    collectd-postgresql-5.7.1-3.18.amzn1.i686
    collectd-amqp-5.7.1-3.18.amzn1.i686
    collectd-zookeeper-5.7.1-3.18.amzn1.i686
    collectd-dns-5.7.1-3.18.amzn1.i686
    collectd-5.7.1-3.18.amzn1.i686
    collectd-apache-5.7.1-3.18.amzn1.i686
    collectd-dbi-5.7.1-3.18.amzn1.i686
    collectd-lvm-5.7.1-3.18.amzn1.i686
    collectd-web-5.7.1-3.18.amzn1.i686
    collectd-bind-5.7.1-3.18.amzn1.i686
    collectd-java-5.7.1-3.18.amzn1.i686
    collectd-varnish-5.7.1-3.18.amzn1.i686
    collectd-iptables-5.7.1-3.18.amzn1.i686
    collectd-debuginfo-5.7.1-3.18.amzn1.i686
    collectd-write_sensu-5.7.1-3.18.amzn1.i686
    collectd-write_tsdb-5.7.1-3.18.amzn1.i686
    collectd-snmp-5.7.1-3.18.amzn1.i686
    collectd-utils-5.7.1-3.18.amzn1.i686
    collectd-ipmi-5.7.1-3.18.amzn1.i686
    collectd-curl-5.7.1-3.18.amzn1.i686
    collectd-drbd-5.7.1-3.18.amzn1.i686
    libcollectdclient-devel-5.7.1-3.18.amzn1.i686
    collectd-nginx-5.7.1-3.18.amzn1.i686
    collectd-notify_email-5.7.1-3.18.amzn1.i686
    collectd-mysql-5.7.1-3.18.amzn1.i686
    perl-Collectd-5.7.1-3.18.amzn1.i686
    collectd-lua-5.7.1-3.18.amzn1.i686
    collectd-ipvs-5.7.1-3.18.amzn1.i686
    collectd-openldap-5.7.1-3.18.amzn1.i686

src:
    collectd-5.7.1-3.18.amzn1.src

x86_64:
    collectd-memcachec-5.7.1-3.18.amzn1.x86_64
    collectd-curl_xml-5.7.1-3.18.amzn1.x86_64
    collectd-bind-5.7.1-3.18.amzn1.x86_64
    collectd-lua-5.7.1-3.18.amzn1.x86_64
    collectd-java-5.7.1-3.18.amzn1.x86_64
    collectd-snmp-5.7.1-3.18.amzn1.x86_64
    collectd-write_sensu-5.7.1-3.18.amzn1.x86_64
    collectd-dns-5.7.1-3.18.amzn1.x86_64
    libcollectdclient-5.7.1-3.18.amzn1.x86_64
    collectd-apache-5.7.1-3.18.amzn1.x86_64
    collectd-ipmi-5.7.1-3.18.amzn1.x86_64
    collectd-lvm-5.7.1-3.18.amzn1.x86_64
    collectd-chrony-5.7.1-3.18.amzn1.x86_64
    collectd-mysql-5.7.1-3.18.amzn1.x86_64
    collectd-nginx-5.7.1-3.18.amzn1.x86_64
    collectd-netlink-5.7.1-3.18.amzn1.x86_64
    collectd-varnish-5.7.1-3.18.amzn1.x86_64
    collectd-amqp-5.7.1-3.18.amzn1.x86_64
    collectd-iptables-5.7.1-3.18.amzn1.x86_64
    perl-Collectd-5.7.1-3.18.amzn1.x86_64
    collectd-drbd-5.7.1-3.18.amzn1.x86_64
    collectd-python-5.7.1-3.18.amzn1.x86_64
    collectd-generic-jmx-5.7.1-3.18.amzn1.x86_64
    collectd-email-5.7.1-3.18.amzn1.x86_64
    collectd-postgresql-5.7.1-3.18.amzn1.x86_64
    collectd-5.7.1-3.18.amzn1.x86_64
    collectd-write_http-5.7.1-3.18.amzn1.x86_64
    collectd-web-5.7.1-3.18.amzn1.x86_64
    collectd-debuginfo-5.7.1-3.18.amzn1.x86_64
    collectd-dbi-5.7.1-3.18.amzn1.x86_64
    collectd-openldap-5.7.1-3.18.amzn1.x86_64
    collectd-rrdcached-5.7.1-3.18.amzn1.x86_64
    collectd-notify_email-5.7.1-3.18.amzn1.x86_64
    libcollectdclient-devel-5.7.1-3.18.amzn1.x86_64
    collectd-zookeeper-5.7.1-3.18.amzn1.x86_64
    collectd-rrdtool-5.7.1-3.18.amzn1.x86_64
    collectd-utils-5.7.1-3.18.amzn1.x86_64
    collectd-write_tsdb-5.7.1-3.18.amzn1.x86_64
    collectd-curl-5.7.1-3.18.amzn1.x86_64
    collectd-ipvs-5.7.1-3.18.amzn1.x86_64
    collectd-hugepages-5.7.1-3.18.amzn1.x86_64
    collectd-gmond-5.7.1-3.18.amzn1.x86_64