SUSE-SU-2024:3533-1
- Source
- https://www.suse.com/support/update/announcement/2024/suse-su-20243533-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:3533-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2024:3533-1
- Related
- Published
- 2024-10-04T14:40:29Z
- Modified
- 2024-10-04T14:40:29Z
- Summary
- Security update for pcp
- Details
-
This update for pcp fixes the following issues:
pcp was updated from version 5.3.7 to version 6.2.0 (jsc#PED-8192, jsc#PED-8389):
Security issues fixed:
- CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp to the root user (bsc#1230552)
- CVE-2024-45769: Fixed a heap corruption through metric pmstore operations (bsc#1230551)
- CVE-2023-6917: Fixed local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826)
- CVE-2024-3019: Disabled redis proxy by default (bsc#1222121)
Major changes:
- Add version 3 PCP archive support: instance domain change-deltas,
Y2038-safe timestamps, nanosecond-precision timestamps, arbitrary timezones support, 64-bit file offsets used
throughout for larger (beyond 2GB) individual volumes.
- Opt-in using the /etc/pcp.conf PCPARCHIVEVERSION setting
- Version 2 archives remain the default (for next few years).
- Switch to using OpenSSL only throughout PCP (dropped NSS/NSPR); this impacts on libpcp, PMAPI clients and PMCD use of encryption; these are now configured and used consistently with pmproxy HTTPS support and redis-server, which were both already using OpenSSL.
- New nanosecond precision timestamp PMAPI calls for PCP library interfaces that make use of timestamps.
These are all optional, and full backward compatibility is preserved for existing tools. - For the full list of changes please consult the packaged CHANGELOG file
- Add version 3 PCP archive support: instance domain change-deltas,
Y2038-safe timestamps, nanosecond-precision timestamps, arbitrary timezones support, 64-bit file offsets used
throughout for larger (beyond 2GB) individual volumes.
Other packaging changes:
- Moved pmlogger_daily into main package (bsc#1222815)
- Change dependency from openssl-devel >= 1.1.1 to openssl-devel >= 1.0.2p. Required for SLE-12.
- Introduce 'pmda-resctrl' package, disabled for architectures other than x86_64.
- Change the architecture for various subpackages to 'noarch' as they contain no binaries.
- Disable 'pmda-mssql', as it fails to build.
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20243533-1/
- https://bugzilla.suse.com/1217826
- https://bugzilla.suse.com/1222121
- https://bugzilla.suse.com/1222815
- https://bugzilla.suse.com/1230551
- https://bugzilla.suse.com/1230552
- https://www.suse.com/security/cve/CVE-2023-6917
- https://www.suse.com/security/cve/CVE-2024-3019
- https://www.suse.com/security/cve/CVE-2024-45769
- https://www.suse.com/security/cve/CVE-2024-45770
Affected packages
SUSE:Linux Enterprise Module for Development Tools 15 SP6 / pcp
Package
- Name
- pcp
- Purl
- pkg:rpm/suse/pcp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.2.0-150600.3.6.1
Ecosystem specific
{
"binaries": [
{
"pcp-pmda-perfevent": "6.2.0-150600.3.6.1",
"perl-PCP-MMV": "6.2.0-150600.3.6.1",
"pcp-devel": "6.2.0-150600.3.6.1",
"pcp-doc": "6.2.0-150600.3.6.1",
"perl-PCP-LogSummary": "6.2.0-150600.3.6.1",
"libpcp_gui2": "6.2.0-150600.3.6.1",
"libpcp3": "6.2.0-150600.3.6.1",
"pcp-system-tools": "6.2.0-150600.3.6.1",
"python3-pcp": "6.2.0-150600.3.6.1",
"libpcp_web1": "6.2.0-150600.3.6.1",
"perl-PCP-PMDA": "6.2.0-150600.3.6.1",
"libpcp_trace2": "6.2.0-150600.3.6.1",
"pcp-import-mrtg2pcp": "6.2.0-150600.3.6.1",
"perl-PCP-LogImport": "6.2.0-150600.3.6.1",
"pcp-import-sar2pcp": "6.2.0-150600.3.6.1",
"pcp-import-iostat2pcp": "6.2.0-150600.3.6.1",
"libpcp-devel": "6.2.0-150600.3.6.1",
"libpcp_mmv1": "6.2.0-150600.3.6.1",
"pcp-conf": "6.2.0-150600.3.6.1",
"pcp": "6.2.0-150600.3.6.1",
"libpcp_import1": "6.2.0-150600.3.6.1"
}
]
}
openSUSE:Leap 15.6 / pcp
Package
- Name
- pcp
- Purl
- pkg:rpm/opensuse/pcp&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.2.0-150600.3.6.1
Ecosystem specific
{
"binaries": [
{
"pcp-pmda-ds389": "6.2.0-150600.3.6.1",
"pcp-pmda-perfevent": "6.2.0-150600.3.6.1",
"pcp-pmda-elasticsearch": "6.2.0-150600.3.6.1",
"pcp-system-tools": "6.2.0-150600.3.6.1",
"libpcp_trace2": "6.2.0-150600.3.6.1",
"pcp-import-sar2pcp": "6.2.0-150600.3.6.1",
"pcp-pmda-json": "6.2.0-150600.3.6.1",
"pcp-pmda-rabbitmq": "6.2.0-150600.3.6.1",
"libpcp_mmv1": "6.2.0-150600.3.6.1",
"pcp-pmda-nginx": "6.2.0-150600.3.6.1",
"pcp-pmda-lmsensors": "6.2.0-150600.3.6.1",
"pcp-pmda-hacluster": "6.2.0-150600.3.6.1",
"pcp-pmda-oracle": "6.2.0-150600.3.6.1",
"pcp-pmda-sockets": "6.2.0-150600.3.6.1",
"pcp-export-pcp2xml": "6.2.0-150600.3.6.1",
"pcp-gui": "6.2.0-150600.3.6.1",
"pcp-devel": "6.2.0-150600.3.6.1",
"pcp-doc": "6.2.0-150600.3.6.1",
"pcp-pmda-nvidia-gpu": "6.2.0-150600.3.6.1",
"pcp-export-pcp2json": "6.2.0-150600.3.6.1",
"pcp-pmda-lustrecomm": "6.2.0-150600.3.6.1",
"libpcp_gui2": "6.2.0-150600.3.6.1",
"pcp-import-ganglia2pcp": "6.2.0-150600.3.6.1",
"pcp-import-collectl2pcp": "6.2.0-150600.3.6.1",
"pcp-pmda-openmetrics": "6.2.0-150600.3.6.1",
"libpcp_web1": "6.2.0-150600.3.6.1",
"pcp-pmda-smart": "6.2.0-150600.3.6.1",
"pcp-pmda-openvswitch": "6.2.0-150600.3.6.1",
"pcp-pmda-postfix": "6.2.0-150600.3.6.1",
"perl-PCP-PMDA": "6.2.0-150600.3.6.1",
"pcp-pmda-zswap": "6.2.0-150600.3.6.1",
"pcp-import-iostat2pcp": "6.2.0-150600.3.6.1",
"pcp-pmda-roomtemp": "6.2.0-150600.3.6.1",
"pcp-pmda-nfsclient": "6.2.0-150600.3.6.1",
"pcp-pmda-gpfs": "6.2.0-150600.3.6.1",
"pcp-testsuite": "6.2.0-150600.3.6.1",
"pcp": "6.2.0-150600.3.6.1",
"libpcp_import1": "6.2.0-150600.3.6.1",
"pcp-pmda-logger": "6.2.0-150600.3.6.1",
"pcp-pmda-systemd": "6.2.0-150600.3.6.1",
"pcp-export-pcp2graphite": "6.2.0-150600.3.6.1",
"pcp-pmda-samba": "6.2.0-150600.3.6.1",
"pcp-pmda-mysql": "6.2.0-150600.3.6.1",
"pcp-pmda-gpsd": "6.2.0-150600.3.6.1",
"pcp-pmda-shping": "6.2.0-150600.3.6.1",
"pcp-pmda-memcache": "6.2.0-150600.3.6.1",
"pcp-pmda-weblog": "6.2.0-150600.3.6.1",
"pcp-pmda-dbping": "6.2.0-150600.3.6.1",
"pcp-pmda-sendmail": "6.2.0-150600.3.6.1",
"pcp-pmda-nutcracker": "6.2.0-150600.3.6.1",
"libpcp3": "6.2.0-150600.3.6.1",
"pcp-pmda-ds389log": "6.2.0-150600.3.6.1",
"python3-pcp": "6.2.0-150600.3.6.1",
"pcp-pmda-gluster": "6.2.0-150600.3.6.1",
"perl-PCP-LogSummary": "6.2.0-150600.3.6.1",
"pcp-pmda-lustre": "6.2.0-150600.3.6.1",
"pcp-pmda-named": "6.2.0-150600.3.6.1",
"pcp-zeroconf": "6.2.0-150600.3.6.1",
"pcp-export-pcp2influxdb": "6.2.0-150600.3.6.1",
"libpcp-devel": "6.2.0-150600.3.6.1",
"pcp-pmda-gfs2": "6.2.0-150600.3.6.1",
"pcp-pmda-activemq": "6.2.0-150600.3.6.1",
"pcp-conf": "6.2.0-150600.3.6.1",
"pcp-pmda-haproxy": "6.2.0-150600.3.6.1",
"pcp-pmda-docker": "6.2.0-150600.3.6.1",
"pcp-pmda-mailq": "6.2.0-150600.3.6.1",
"pcp-export-pcp2zabbix": "6.2.0-150600.3.6.1",
"pcp-pmda-bonding": "6.2.0-150600.3.6.1",
"pcp-pmda-trace": "6.2.0-150600.3.6.1",
"pcp-pmda-dm": "6.2.0-150600.3.6.1",
"pcp-pmda-unbound": "6.2.0-150600.3.6.1",
"pcp-pmda-snmp": "6.2.0-150600.3.6.1",
"pcp-pmda-apache": "6.2.0-150600.3.6.1",
"pcp-pmda-redis": "6.2.0-150600.3.6.1",
"pcp-pmda-cifs": "6.2.0-150600.3.6.1",
"pcp-pmda-mounts": "6.2.0-150600.3.6.1",
"pcp-pmda-netfilter": "6.2.0-150600.3.6.1",
"pcp-pmda-summary": "6.2.0-150600.3.6.1",
"pcp-pmda-slurm": "6.2.0-150600.3.6.1",
"perl-PCP-MMV": "6.2.0-150600.3.6.1",
"pcp-export-pcp2spark": "6.2.0-150600.3.6.1",
"pcp-pmda-pdns": "6.2.0-150600.3.6.1",
"pcp-import-mrtg2pcp": "6.2.0-150600.3.6.1",
"pcp-pmda-cisco": "6.2.0-150600.3.6.1",
"pcp-pmda-rsyslog": "6.2.0-150600.3.6.1",
"pcp-pmda-mic": "6.2.0-150600.3.6.1",
"pcp-pmda-infiniband": "6.2.0-150600.3.6.1",
"pcp-pmda-netcheck": "6.2.0-150600.3.6.1",
"perl-PCP-LogImport": "6.2.0-150600.3.6.1",
"pcp-export-pcp2elasticsearch": "6.2.0-150600.3.6.1",
"pcp-pmda-bash": "6.2.0-150600.3.6.1",
"pcp-pmda-news": "6.2.0-150600.3.6.1",
"pcp-pmda-zimbra": "6.2.0-150600.3.6.1"
}
]
}