Amazon Linux 1 Security Advisory: ALAS-2017-829
Advisory Release Date: 2017-05-18 18:58 Pacific
Advisory Updated Date: 2017-05-19 03:37 Pacific
Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions:
Collectd contains an infinite loop caused by how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with "SecurityLevel None" and with an empty "AuthFile" option, an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of service. (CVE-2017-7401)
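The following audit script is an added example, not part of the advisory or of collectd: it scans collectd configuration text for network plugin listeners that match the condition above ("SecurityLevel None" with a missing or empty "AuthFile"). It assumes collectd's documented network plugin syntax (`<Plugin network>`, `<Listen>` blocks or one-line `Listen` options, and a security level that defaults to None when unset); the sample configuration and the function names are constructed for the example.

```python
# Constructed sample config for the demonstration (not from the advisory).
SAMPLE_CONF = '''
LoadPlugin network
<Plugin network>
  <Listen "0.0.0.0" "25826">
    SecurityLevel None
  </Listen>
  <Listen "10.0.0.5" "25827">
    SecurityLevel Sign
    AuthFile "/etc/collectd/passwd"
  </Listen>
  Listen "192.0.2.10"   # one-line form, no options
  <Server "192.0.2.20">
    SecurityLevel None
  </Server>
</Plugin>
'''

def _args(line):
    """Arguments after the keyword, without quotes or angle brackets."""
    return [tok.strip('"<>') for tok in line.split()[1:]]

def exposed_listeners(conf_text):
    """Return Listen endpoints with SecurityLevel None (explicit or unset)
    and a missing or empty AuthFile, the condition named in the advisory."""
    findings, in_network, current = [], False, None
    for raw in conf_text.splitlines():
        line = raw.split('#', 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        low = line.lower()
        key = low.split()[0].lstrip('<').rstrip('>')
        if low.startswith('<plugin'):
            in_network = _args(low) == ['network']
        elif low == '</plugin>':
            in_network = False
        elif not in_network:
            continue                          # other plugins are out of scope
        elif low.startswith('<listen'):
            current = {'addr': ' '.join(_args(line)), 'level': 'none', 'authfile': ''}
        elif low == '</listen>' and current is not None:
            if current['level'] == 'none' and not current['authfile']:
                findings.append(current['addr'])
            current = None
        elif current is not None and key == 'securitylevel':
            current['level'] = ' '.join(_args(low))
        elif current is not None and key == 'authfile':
            current['authfile'] = ' '.join(_args(line))
        elif current is None and key == 'listen':
            findings.append(' '.join(_args(line)))  # one-line Listen: defaults apply
    return findings
```

Pass the contents of the collectd configuration file to `exposed_listeners()`; any endpoint it returns should be prioritised for the package update.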
Affected Packages:
collectd
Issue Correction:
Run yum update collectd to update your system.
i686:
collectd-rrdtool-5.7.1-3.18.amzn1.i686
collectd-memcachec-5.7.1-3.18.amzn1.i686
collectd-rrdcached-5.7.1-3.18.amzn1.i686
collectd-curl_xml-5.7.1-3.18.amzn1.i686
collectd-hugepages-5.7.1-3.18.amzn1.i686
collectd-python-5.7.1-3.18.amzn1.i686
libcollectdclient-5.7.1-3.18.amzn1.i686
collectd-chrony-5.7.1-3.18.amzn1.i686
collectd-gmond-5.7.1-3.18.amzn1.i686
collectd-email-5.7.1-3.18.amzn1.i686
collectd-netlink-5.7.1-3.18.amzn1.i686
collectd-generic-jmx-5.7.1-3.18.amzn1.i686
collectd-write_http-5.7.1-3.18.amzn1.i686
collectd-postgresql-5.7.1-3.18.amzn1.i686
collectd-amqp-5.7.1-3.18.amzn1.i686
collectd-zookeeper-5.7.1-3.18.amzn1.i686
collectd-dns-5.7.1-3.18.amzn1.i686
collectd-5.7.1-3.18.amzn1.i686
collectd-apache-5.7.1-3.18.amzn1.i686
collectd-dbi-5.7.1-3.18.amzn1.i686
collectd-lvm-5.7.1-3.18.amzn1.i686
collectd-web-5.7.1-3.18.amzn1.i686
collectd-bind-5.7.1-3.18.amzn1.i686
collectd-java-5.7.1-3.18.amzn1.i686
collectd-varnish-5.7.1-3.18.amzn1.i686
collectd-iptables-5.7.1-3.18.amzn1.i686
collectd-debuginfo-5.7.1-3.18.amzn1.i686
collectd-write_sensu-5.7.1-3.18.amzn1.i686
collectd-write_tsdb-5.7.1-3.18.amzn1.i686
collectd-snmp-5.7.1-3.18.amzn1.i686
collectd-utils-5.7.1-3.18.amzn1.i686
collectd-ipmi-5.7.1-3.18.amzn1.i686
collectd-curl-5.7.1-3.18.amzn1.i686
collectd-drbd-5.7.1-3.18.amzn1.i686
libcollectdclient-devel-5.7.1-3.18.amzn1.i686
collectd-nginx-5.7.1-3.18.amzn1.i686
collectd-notify_email-5.7.1-3.18.amzn1.i686
collectd-mysql-5.7.1-3.18.amzn1.i686
perl-Collectd-5.7.1-3.18.amzn1.i686
collectd-lua-5.7.1-3.18.amzn1.i686
collectd-ipvs-5.7.1-3.18.amzn1.i686
collectd-openldap-5.7.1-3.18.amzn1.i686
src:
collectd-5.7.1-3.18.amzn1.src
x86_64:
collectd-memcachec-5.7.1-3.18.amzn1.x86_64
collectd-curl_xml-5.7.1-3.18.amzn1.x86_64
collectd-bind-5.7.1-3.18.amzn1.x86_64
collectd-lua-5.7.1-3.18.amzn1.x86_64
collectd-java-5.7.1-3.18.amzn1.x86_64
collectd-snmp-5.7.1-3.18.amzn1.x86_64
collectd-write_sensu-5.7.1-3.18.amzn1.x86_64
collectd-dns-5.7.1-3.18.amzn1.x86_64
libcollectdclient-5.7.1-3.18.amzn1.x86_64
collectd-apache-5.7.1-3.18.amzn1.x86_64
collectd-ipmi-5.7.1-3.18.amzn1.x86_64
collectd-lvm-5.7.1-3.18.amzn1.x86_64
collectd-chrony-5.7.1-3.18.amzn1.x86_64
collectd-mysql-5.7.1-3.18.amzn1.x86_64
collectd-nginx-5.7.1-3.18.amzn1.x86_64
collectd-netlink-5.7.1-3.18.amzn1.x86_64
collectd-varnish-5.7.1-3.18.amzn1.x86_64
collectd-amqp-5.7.1-3.18.amzn1.x86_64
collectd-iptables-5.7.1-3.18.amzn1.x86_64
perl-Collectd-5.7.1-3.18.amzn1.x86_64
collectd-drbd-5.7.1-3.18.amzn1.x86_64
collectd-python-5.7.1-3.18.amzn1.x86_64
collectd-generic-jmx-5.7.1-3.18.amzn1.x86_64
collectd-email-5.7.1-3.18.amzn1.x86_64
collectd-postgresql-5.7.1-3.18.amzn1.x86_64
collectd-5.7.1-3.18.amzn1.x86_64
collectd-write_http-5.7.1-3.18.amzn1.x86_64
collectd-web-5.7.1-3.18.amzn1.x86_64
collectd-debuginfo-5.7.1-3.18.amzn1.x86_64
collectd-dbi-5.7.1-3.18.amzn1.x86_64
collectd-openldap-5.7.1-3.18.amzn1.x86_64
collectd-rrdcached-5.7.1-3.18.amzn1.x86_64
collectd-notify_email-5.7.1-3.18.amzn1.x86_64
libcollectdclient-devel-5.7.1-3.18.amzn1.x86_64
collectd-zookeeper-5.7.1-3.18.amzn1.x86_64
collectd-rrdtool-5.7.1-3.18.amzn1.x86_64
collectd-utils-5.7.1-3.18.amzn1.x86_64
collectd-write_tsdb-5.7.1-3.18.amzn1.x86_64
collectd-curl-5.7.1-3.18.amzn1.x86_64
collectd-ipvs-5.7.1-3.18.amzn1.x86_64
collectd-hugepages-5.7.1-3.18.amzn1.x86_64
collectd-gmond-5.7.1-3.18.amzn1.x86_64