[3.5] collectd: heap overflow in the network plugin (CVE-2016-6254)
A heap overflow in collectd’s network plugin which can be triggered remotely and is potentially exploitable.
Fixed In Version:
collectd 5.5.2, collectd 5.4.3
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6254
Patches:
https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7
The second patch is unrelated to CVE-2016-6254. It fixes an initialization issue with libgcrypt which could theoretically lead to a half-initialized library being used.
(from redmine: issue id 5988, created on 2016-08-03, closed on 2016-12-15)
- Relations:
  - parent #5987 (closed)
- Changesets:
  - Revision ac94d4b9 on 2016-08-08T06:38:23Z:
    main/collectd: security upgrade to 5.5.2 (CVE-2016-6254). Fixes #5988