[Secure-testing-team] Bug#859494: collectd: CVE-2017-7401
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 4 10:38:19 UTC 2017
Source: collectd
Version: 5.4.1-6
Severity: important
Tags: security patch upstream
Hi,
the following vulnerability was published for collectd.
CVE-2017-7401[0]:
| Incorrect interaction of the parse_packet() and
| parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and
| earlier allows remote attackers to cause a denial of service (infinite
| loop) of a collectd instance (configured with "SecurityLevel None" and
| with empty "AuthFile" options) via a crafted UDP packet.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-7401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7401
[1] https://github.com/collectd/collectd/issues/2174
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list