Early Access — Mondoo Vulnerability Intelligence is currently in preview.

SUSE-SU-2024:3976-1

UNKNOWN

Security update for pcp

Published Nov 12, 2024

Modified 1 years ago

Fix available

Details

This update for pcp fixes the following issues:

pcp was updated from version 3.11.9 to version 6.2.0 (jsc#PED-8192, jsc#PED-8389):

Security issues fixed:
- CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp to the root user (bsc#1230552)
- CVE-2024-45769: Fixed a heap corruption through metric pmstore operations (bsc#1230551)
- CVE-2023-6917: Fixed local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826)
- CVE-2024-3019: Disabled redis proxy by default (bsc#1222121)
Major changes:
- Add version 3 PCP archive support: instance domain change-deltas, Y2038-safe timestamps, nanosecond-precision timestamps, arbitrary timezones support, 64-bit file offsets used throughout for larger (beyond 2GB) individual volumes.
  - Opt-in using the /etc/pcp.conf PCP_ARCHIVE_VERSION setting
  - Version 2 archives remain the default (for next few years).
- Switch to using OpenSSL only throughout PCP (dropped NSS/NSPR); this impacts on libpcp, PMAPI clients and PMCD use of encryption; these are now configured and used consistently with pmproxy HTTPS support and redis-server, which were both already using OpenSSL.
- New nanosecond precision timestamp PMAPI calls for PCP library interfaces that make use of timestamps.
  These are all optional, and full backward compatibility is preserved for existing tools.
- For the full list of changes please consult the packaged CHANGELOG file
Other packaging changes:
- Reintroduce libuv support for SUSE Linux Enterprise 15 (bsc#1231345)
- Moved pmlogger_daily into main package (bsc#1222815)
- Switched logutil and pmieutil scripts from Type=oneshot to Type=exec (bsc#1186511)
- Change dependency from openssl-devel >= 1.1.1 to openssl-devel >= 1.0.2p. Required for SUSE Linux Enterprise 12.
- Disabled 'pmda-infiniband' subpackage for SUSE Linux Enterprise 12 to resolve build issues.
- Introduce 'pmda-resctrl' package, disabled for architectures other than x86_64.
- Change the architecture for various subpackages to 'noarch' as they contain no binaries.
- Disable 'pmda-mssql', as it fails to build.

Affected Packages

SUSE:Linux Enterprise Software Development Kit 12 SP5libpcp-devel

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5libpcp3

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5libpcp_gui2

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5libpcp_import1

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5libpcp_mmv1

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5libpcp_trace2

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5libpcp_web1

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-conf

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-devel

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-doc

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-export-pcp2graphite

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-export-pcp2influxdb

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-import-collectl2pcp

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-import-ganglia2pcp

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-import-iostat2pcp

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-import-mrtg2pcp

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-import-sar2pcp

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-activemq

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-apache

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-bash

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-bind2

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-bonding

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-cifs

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-cisco

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-dbping

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-dm

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-docker

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-ds389

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-ds389log

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-elasticsearch

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-gfs2

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-gluster

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-gpfs

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-gpsd

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-lmsensors

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-logger

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-lustre

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-lustrecomm

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-mailq

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-memcache

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-mic

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-mounts

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-mysql

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-named

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-netfilter

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-news

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-nfsclient

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-nginx

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-nutcracker

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-nvidia-gpu

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-oracle

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-pdns

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-perfevent

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-postfix

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-redis

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-roomtemp

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-rsyslog

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-samba

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-sendmail

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-shping

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-slurm

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-snmp

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-summary

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-systemd

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-trace

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-unbound

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-weblog

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-zimbra

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-pmda-zswap

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5pcp-system-tools

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5perl-PCP-LogImport

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5perl-PCP-LogSummary

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5perl-PCP-MMV

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5perl-PCP-PMDA

Fixed in:

6.2.0-6.29.2

SUSE:Linux Enterprise Software Development Kit 12 SP5python3-pcp

Fixed in:

6.2.0-6.29.2

References

REPORThttps://bugzilla.suse.com/1186511 REPORThttps://bugzilla.suse.com/1217826 REPORThttps://bugzilla.suse.com/1222121 REPORThttps://bugzilla.suse.com/1222815 REPORThttps://bugzilla.suse.com/1230551 REPORThttps://bugzilla.suse.com/1230552 REPORThttps://bugzilla.suse.com/1231345 WEBhttps://www.suse.com/security/cve/CVE-2023-6917 WEBhttps://www.suse.com/security/cve/CVE-2024-3019 WEBhttps://www.suse.com/security/cve/CVE-2024-45769 WEBhttps://www.suse.com/security/cve/CVE-2024-45770 ADVISORYhttps://www.suse.com/support/update/announcement/2024/suse-su-20243976-1/

Upstream

CVE-2023-6917 CVE-2024-3019 CVE-2024-45769 CVE-2024-45770

Related

CVE-2023-6917 CVE-2024-3019 CVE-2024-45769 CVE-2024-45770

Ecosystems

SUSE Linux Enterprise Software Development Kit 12 SP5

Timeline

PublishedNov 12, 2024

ModifiedNov 12, 2024

SUSE-SU-2024:3976-1 | Mondoo Vulnerability Intelligence