Security update for pcp
Announcement ID: | SUSE-SU-2024:3533-1 |
---|---|
Release Date: | 2024-10-04T14:40:38Z |
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves four vulnerabilities, contains two features and has one security fix can now be installed.
Description:
This update for pcp fixes the following issues:
pcp was updated from version 5.3.7 to version 6.2.0 (jsc#PED-8192, jsc#PED-8389):
-
Security issues fixed:
-
CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp to the root user (bsc#1230552)
- CVE-2024-45769: Fixed a heap corruption through metric pmstore operations (bsc#1230551)
- CVE-2023-6917: Fixed local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826)
-
CVE-2024-3019: Disabled redis proxy by default (bsc#1222121)
-
Major changes:
-
Add version 3 PCP archive support: instance domain change-deltas, Y2038-safe timestamps, nanosecond-precision timestamps, arbitrary timezones support, 64-bit file offsets used throughout for larger (beyond 2GB) individual volumes.
- Opt-in using the /etc/pcp.conf PCP_ARCHIVE_VERSION setting
- Version 2 archives remain the default (for next few years).
- Switch to using OpenSSL only throughout PCP (dropped NSS/NSPR); this impacts on libpcp, PMAPI clients and PMCD use of encryption; these are now configured and used consistently with pmproxy HTTPS support and redis-server, which were both already using OpenSSL.
- New nanosecond precision timestamp PMAPI calls for PCP library interfaces that make use of timestamps.
These are all optional, and full backward compatibility is preserved for existing tools. -
For the full list of changes please consult the packaged CHANGELOG file
-
Other packaging changes:
-
Moved pmlogger_daily into main package (bsc#1222815)
- Change dependency from openssl-devel >= 1.1.1 to openssl-devel >= 1.0.2p. Required for SLE-12.
- Introduce 'pmda-resctrl' package, disabled for architectures other than x86_64.
- Change the architecture for various subpackages to 'noarch' as they contain no binaries.
- Disable 'pmda-mssql', as it fails to build.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3533=1 SUSE-2024-3533=1
-
Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-3533=1
Package List:
-
openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
- pcp-pmda-dm-6.2.0-150600.3.6.1
- libpcp_web1-debuginfo-6.2.0-150600.3.6.1
- libpcp_gui2-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-nvidia-gpu-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-hacluster-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-lustrecomm-6.2.0-150600.3.6.1
- pcp-pmda-gfs2-6.2.0-150600.3.6.1
- pcp-pmda-mounts-debuginfo-6.2.0-150600.3.6.1
- pcp-devel-debuginfo-6.2.0-150600.3.6.1
- pcp-system-tools-6.2.0-150600.3.6.1
- python3-pcp-6.2.0-150600.3.6.1
- pcp-pmda-systemd-debuginfo-6.2.0-150600.3.6.1
- libpcp3-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-apache-6.2.0-150600.3.6.1
- pcp-pmda-sockets-debuginfo-6.2.0-150600.3.6.1
- perl-PCP-MMV-6.2.0-150600.3.6.1
- pcp-pmda-summary-6.2.0-150600.3.6.1
- pcp-pmda-bash-6.2.0-150600.3.6.1
- pcp-pmda-mailq-6.2.0-150600.3.6.1
- pcp-pmda-sendmail-6.2.0-150600.3.6.1
- libpcp_web1-6.2.0-150600.3.6.1
- pcp-pmda-apache-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-logger-6.2.0-150600.3.6.1
- pcp-testsuite-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-trace-debuginfo-6.2.0-150600.3.6.1
- pcp-devel-6.2.0-150600.3.6.1
- pcp-pmda-summary-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-logger-debuginfo-6.2.0-150600.3.6.1
- perl-PCP-PMDA-6.2.0-150600.3.6.1
- pcp-pmda-sockets-6.2.0-150600.3.6.1
- pcp-pmda-weblog-6.2.0-150600.3.6.1
- perl-PCP-MMV-debuginfo-6.2.0-150600.3.6.1
- pcp-debugsource-6.2.0-150600.3.6.1
- pcp-6.2.0-150600.3.6.1
- pcp-pmda-smart-6.2.0-150600.3.6.1
- pcp-pmda-roomtemp-6.2.0-150600.3.6.1
- pcp-pmda-docker-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-shping-6.2.0-150600.3.6.1
- pcp-pmda-shping-debuginfo-6.2.0-150600.3.6.1
- perl-PCP-LogSummary-6.2.0-150600.3.6.1
- libpcp_gui2-6.2.0-150600.3.6.1
- pcp-pmda-smart-debuginfo-6.2.0-150600.3.6.1
- perl-PCP-LogImport-6.2.0-150600.3.6.1
- libpcp3-6.2.0-150600.3.6.1
- pcp-pmda-cifs-debuginfo-6.2.0-150600.3.6.1
- python3-pcp-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-cifs-6.2.0-150600.3.6.1
- pcp-pmda-cisco-6.2.0-150600.3.6.1
- pcp-pmda-hacluster-6.2.0-150600.3.6.1
- pcp-pmda-mailq-debuginfo-6.2.0-150600.3.6.1
- pcp-import-collectl2pcp-6.2.0-150600.3.6.1
- pcp-pmda-gfs2-debuginfo-6.2.0-150600.3.6.1
- libpcp_import1-debuginfo-6.2.0-150600.3.6.1
- libpcp-devel-6.2.0-150600.3.6.1
- pcp-pmda-roomtemp-debuginfo-6.2.0-150600.3.6.1
- libpcp_trace2-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-trace-6.2.0-150600.3.6.1
- perl-PCP-PMDA-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-zimbra-debuginfo-6.2.0-150600.3.6.1
- libpcp_mmv1-6.2.0-150600.3.6.1
- pcp-pmda-nvidia-gpu-6.2.0-150600.3.6.1
- pcp-pmda-bash-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-cisco-debuginfo-6.2.0-150600.3.6.1
- libpcp_import1-6.2.0-150600.3.6.1
- pcp-gui-debuginfo-6.2.0-150600.3.6.1
- libpcp_trace2-6.2.0-150600.3.6.1
- pcp-testsuite-6.2.0-150600.3.6.1
- libpcp_mmv1-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-systemd-6.2.0-150600.3.6.1
- pcp-pmda-lustrecomm-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-sendmail-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-weblog-debuginfo-6.2.0-150600.3.6.1
- pcp-system-tools-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-mounts-6.2.0-150600.3.6.1
- pcp-import-collectl2pcp-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-zimbra-6.2.0-150600.3.6.1
- pcp-gui-6.2.0-150600.3.6.1
- pcp-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-docker-6.2.0-150600.3.6.1
- pcp-pmda-dm-debuginfo-6.2.0-150600.3.6.1
- perl-PCP-LogImport-debuginfo-6.2.0-150600.3.6.1
-
openSUSE Leap 15.6 (noarch)
- pcp-pmda-redis-6.2.0-150600.3.6.1
- pcp-pmda-snmp-6.2.0-150600.3.6.1
- pcp-pmda-postfix-6.2.0-150600.3.6.1
- pcp-pmda-memcache-6.2.0-150600.3.6.1
- pcp-pmda-mysql-6.2.0-150600.3.6.1
- pcp-pmda-news-6.2.0-150600.3.6.1
- pcp-pmda-samba-6.2.0-150600.3.6.1
- pcp-export-pcp2influxdb-6.2.0-150600.3.6.1
- pcp-pmda-nfsclient-6.2.0-150600.3.6.1
- pcp-pmda-openmetrics-6.2.0-150600.3.6.1
- pcp-export-pcp2elasticsearch-6.2.0-150600.3.6.1
- pcp-conf-6.2.0-150600.3.6.1
- pcp-pmda-nutcracker-6.2.0-150600.3.6.1
- pcp-pmda-lmsensors-6.2.0-150600.3.6.1
- pcp-pmda-unbound-6.2.0-150600.3.6.1
- pcp-pmda-gluster-6.2.0-150600.3.6.1
- pcp-pmda-mic-6.2.0-150600.3.6.1
- pcp-pmda-named-6.2.0-150600.3.6.1
- pcp-pmda-netfilter-6.2.0-150600.3.6.1
- pcp-pmda-zswap-6.2.0-150600.3.6.1
- pcp-pmda-ds389-6.2.0-150600.3.6.1
- pcp-pmda-slurm-6.2.0-150600.3.6.1
- pcp-import-mrtg2pcp-6.2.0-150600.3.6.1
- pcp-pmda-dbping-6.2.0-150600.3.6.1
- pcp-pmda-netcheck-6.2.0-150600.3.6.1
- pcp-pmda-openvswitch-6.2.0-150600.3.6.1
- pcp-pmda-json-6.2.0-150600.3.6.1
- pcp-pmda-elasticsearch-6.2.0-150600.3.6.1
- pcp-import-sar2pcp-6.2.0-150600.3.6.1
- pcp-doc-6.2.0-150600.3.6.1
- pcp-pmda-haproxy-6.2.0-150600.3.6.1
- pcp-pmda-gpsd-6.2.0-150600.3.6.1
- pcp-pmda-ds389log-6.2.0-150600.3.6.1
- pcp-export-pcp2json-6.2.0-150600.3.6.1
- pcp-pmda-gpfs-6.2.0-150600.3.6.1
- pcp-pmda-oracle-6.2.0-150600.3.6.1
- pcp-pmda-rsyslog-6.2.0-150600.3.6.1
- pcp-export-pcp2zabbix-6.2.0-150600.3.6.1
- pcp-pmda-lustre-6.2.0-150600.3.6.1
- pcp-import-iostat2pcp-6.2.0-150600.3.6.1
- pcp-pmda-activemq-6.2.0-150600.3.6.1
- pcp-import-ganglia2pcp-6.2.0-150600.3.6.1
- pcp-pmda-bonding-6.2.0-150600.3.6.1
- pcp-pmda-pdns-6.2.0-150600.3.6.1
- pcp-zeroconf-6.2.0-150600.3.6.1
- pcp-export-pcp2spark-6.2.0-150600.3.6.1
- pcp-pmda-rabbitmq-6.2.0-150600.3.6.1
- pcp-pmda-nginx-6.2.0-150600.3.6.1
- pcp-export-pcp2graphite-6.2.0-150600.3.6.1
- pcp-export-pcp2xml-6.2.0-150600.3.6.1
-
openSUSE Leap 15.6 (aarch64 ppc64le x86_64 i586)
- pcp-pmda-infiniband-6.2.0-150600.3.6.1
- pcp-pmda-perfevent-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-infiniband-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-perfevent-6.2.0-150600.3.6.1
-
openSUSE Leap 15.6 (x86_64)
- pcp-pmda-resctrl-6.2.0-150600.3.6.1
- pcp-pmda-resctrl-debuginfo-6.2.0-150600.3.6.1
-
Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
- libpcp_web1-debuginfo-6.2.0-150600.3.6.1
- libpcp_gui2-debuginfo-6.2.0-150600.3.6.1
- pcp-system-tools-6.2.0-150600.3.6.1
- python3-pcp-6.2.0-150600.3.6.1
- pcp-devel-debuginfo-6.2.0-150600.3.6.1
- libpcp3-debuginfo-6.2.0-150600.3.6.1
- perl-PCP-MMV-6.2.0-150600.3.6.1
- libpcp_web1-6.2.0-150600.3.6.1
- pcp-devel-6.2.0-150600.3.6.1
- perl-PCP-MMV-debuginfo-6.2.0-150600.3.6.1
- pcp-debugsource-6.2.0-150600.3.6.1
- pcp-6.2.0-150600.3.6.1
- perl-PCP-LogSummary-6.2.0-150600.3.6.1
- libpcp_gui2-6.2.0-150600.3.6.1
- perl-PCP-LogImport-6.2.0-150600.3.6.1
- libpcp3-6.2.0-150600.3.6.1
- python3-pcp-debuginfo-6.2.0-150600.3.6.1
- perl-PCP-PMDA-6.2.0-150600.3.6.1
- libpcp_import1-debuginfo-6.2.0-150600.3.6.1
- libpcp-devel-6.2.0-150600.3.6.1
- libpcp_trace2-debuginfo-6.2.0-150600.3.6.1
- libpcp_mmv1-6.2.0-150600.3.6.1
- libpcp_import1-6.2.0-150600.3.6.1
- libpcp_trace2-6.2.0-150600.3.6.1
- libpcp_mmv1-debuginfo-6.2.0-150600.3.6.1
- pcp-system-tools-debuginfo-6.2.0-150600.3.6.1
- perl-PCP-PMDA-debuginfo-6.2.0-150600.3.6.1
- pcp-debuginfo-6.2.0-150600.3.6.1
- perl-PCP-LogImport-debuginfo-6.2.0-150600.3.6.1
-
Development Tools Module 15-SP6 (noarch)
- pcp-import-sar2pcp-6.2.0-150600.3.6.1
- pcp-conf-6.2.0-150600.3.6.1
- pcp-import-iostat2pcp-6.2.0-150600.3.6.1
- pcp-import-mrtg2pcp-6.2.0-150600.3.6.1
- pcp-doc-6.2.0-150600.3.6.1
-
Development Tools Module 15-SP6 (ppc64le)
- pcp-pmda-perfevent-debuginfo-6.2.0-150600.3.6.1
- pcp-pmda-perfevent-6.2.0-150600.3.6.1
References:
- https://www.suse.com/security/cve/CVE-2023-6917.html
- https://www.suse.com/security/cve/CVE-2024-3019.html
- https://www.suse.com/security/cve/CVE-2024-45769.html
- https://www.suse.com/security/cve/CVE-2024-45770.html
- https://bugzilla.suse.com/show_bug.cgi?id=1217826
- https://bugzilla.suse.com/show_bug.cgi?id=1222121
- https://bugzilla.suse.com/show_bug.cgi?id=1222815
- https://bugzilla.suse.com/show_bug.cgi?id=1230551
- https://bugzilla.suse.com/show_bug.cgi?id=1230552
- https://jira.suse.com/browse/PED-8192
- https://jira.suse.com/browse/PED-8389