[3.1] collectd: heap overflow in the network plugin (CVE-2016-6254)
A heap overflow in collectd’s network plugin which can be triggered remotely and is potentially exploitable.
Fixed In Version:
collectd 5.5.2, collectd 5.4.3
The second patch is unrelated to CVE-2016-6254. It fixes an initialization issue with libgcrypt which could theoretically lead to a half-initialized library being used.
(from redmine: issue id 5992, created on 2016-08-03, closed on 2016-12-15)
- parent #5987 (closed)
- Revision 67311d9c by Sergei Lukin on 2016-12-15T08:17:30Z:
main/collectd: security upgrade to 5.4.3 - fixes #5992 CVE-2016-6254
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information