The following flaw was found in collectd:

Emilien Gaspar has identified a heap overflow in collectd's network plugin which can be triggered remotely and is potentially exploitable. The identifier CVE-2016-6254 has been assigned to this issue.

This issue has been fixed in the released versions 5.5.2 and 5.4.3.

Upstream patches:
https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7

The second patch is unrelated to CVE-2016-6254. It fixes an initialization issue with libgcrypt which could theoretically lead to a half-initialized library being used.

Created collectd tracking bugs for this issue:

Affects: fedora-all [bug 1360710]
Affects: epel-all [bug 1360711]