Bug 990853 (CVE-2016-6254) - VUL-0: CVE-2016-6254: collectd: heap overflow in the network plug-in
Summary: VUL-0: CVE-2016-6254: collectd: heap overflow in the network plug-in
Status: RESOLVED FIXED
Alias: CVE-2016-6254
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/171400/
Whiteboard: CVSSv2:RedHat:CVE-2016-6254:4.3:(AV:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-07-27 12:31 UTC by Andreas Stieger
Modified: 2020-04-23 12:06 UTC (History)
7 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2016-07-27 12:31:02 UTC 
via rh#1360709

The following flaw was found in collectd:

Emilien Gaspar has identified a heap overflow in collectd's network plugin which can be triggered remotely and is potentially exploitable. The identifier CVE-2016-6254 has been assigned to this issue.

This issue has been fixed in the released 5.5.2 and 5.4.3.

Upstream patches:

https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7

The second patch is unrelated to CVE-2016-6254. It fixes an initialization issue with libgcrypt which could theoretically lead to a half-initialized library being used.


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1360709
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6254
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6254.html
Comment 1 Andreas Stieger 2016-07-27 12:36:25 UTC 
openSUSE is affected.
Comment 4 Stefan Schubert 2016-08-01 13:37:29 UTC 
I have fixed it:
created request id 118759
Back to security.
Comment 6 Stefan Schubert 2016-08-16 09:23:02 UTC 
The SR has been declined.
https://build.suse.de/request/show/118759
Leonardo, Andreas could you please tell me which branch you would like to have ?
Comment 7 Leonardo Chiquitto 2016-08-16 10:52:59 UTC 
The submission target is SUSE:SLE-11-SP2:Update. We never released an update for collectd, so the latest sources of this package is still in one of the old projects which are no longer used: SUSE:SLE-11-SP2:Update:Products:Test.

One solution option:

> $ iosc branch -M -N SUSE:SLE-11-SP2:Update/collectd
> $ iosc copypac -K SUSE:SLE-11-SP2:Update:Products:Test/collectd \
>   home:schubi2:branches:SUSE:SLE-11-SP2:Update/collectd.SUSE_SLE-11-SP2_Update
> <add the fix for this bug>
> $ iosc mr home:schubi2:branches:SUSE:SLE-11-SP2:Update \
>   collectd.SUSE_SLE-11-SP2_Update SUSE:SLE-11-SP2:Update
Comment 8 Stefan Schubert 2016-08-16 14:48:46 UTC 
OK, next try : SR 119671 . There is anyhow an fix from Rudi too.
Comment 11 Swamp Workflow Management 2016-08-30 11:09:50 UTC 
SUSE-SU-2016:2187-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 990853
CVE References: CVE-2016-6254
Sources used:
SUSE Webyast 1.3 (src):    collectd-4.9.4-0.25.1
SUSE Lifecycle Management Server 1.3 (src):    collectd-4.9.4-0.25.1
Comment 13 Alexandros Toptsoglou 2020-04-23 12:06:17 UTC 
all done closing