# Security update for pcp

Announcement ID: SUSE-SU-2024:3976-1  
Release Date: 2024-11-12T07:12:38Z  
Rating: important  
References:

  * bsc#1186511
  * bsc#1217826
  * bsc#1222121
  * bsc#1222815
  * bsc#1230551
  * bsc#1230552
  * bsc#1231345
  * jsc#PED-8192
  * jsc#PED-8389

  
Cross-References:

  * CVE-2023-6917
  * CVE-2024-3019
  * CVE-2024-45769
  * CVE-2024-45770

  
CVSS scores:

  * CVE-2023-6917 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-3019 ( SUSE ):  8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-45769 ( SUSE ):  5.7
    CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-45769 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-45769 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-45770 ( SUSE ):  4.6
    CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
  * CVE-2024-45770 ( SUSE ):  6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
  * CVE-2024-45770 ( NVD ):  4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

  
Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * SUSE Linux Enterprise Software Development Kit 12 SP5

  
  
An update that solves four vulnerabilities, contains two features and has three
security fixes can now be installed.

## Description:

This update for pcp fixes the following issues:

pcp was updated from version 3.11.9 to version 6.2.0 (jsc#PED-8192,
jsc#PED-8389):

  * Security issues fixed:

  * CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp
    to the root user (bsc#1230552)

  * CVE-2024-45769: Fixed a heap corruption through metric pmstore operations
    (bsc#1230551)
  * CVE-2023-6917: Fixed local privilege escalation from pcp user to root in
    /usr/libexec/pcp/lib/pmproxy (bsc#1217826)
  * CVE-2024-3019: Disabled redis proxy by default (bsc#1222121)

  * Major changes:

  * Add version 3 PCP archive support: instance domain change-deltas, Y2038-safe
    timestamps, nanosecond-precision timestamps, arbitrary timezones support,
    64-bit file offsets used throughout for larger (beyond 2GB) individual
    volumes.

    * Opt-in using the /etc/pcp.conf PCP_ARCHIVE_VERSION setting
    * Version 2 archives remain the default (for next few years).
  * Switch to using OpenSSL only throughout PCP (dropped NSS/NSPR); this impacts
    on libpcp, PMAPI clients and PMCD use of encryption; these are now
    configured and used consistently with pmproxy HTTPS support and redis-
    server, which were both already using OpenSSL.
  * New nanosecond precision timestamp PMAPI calls for PCP library interfaces
    that make use of timestamps.  
These are all optional, and full backward compatibility is preserved for
existing tools.

  * For the full list of changes please consult the packaged CHANGELOG file

  * Other packaging changes:

  * Reintroduce libuv support for SUSE Linux Enterprise 15 (bsc#1231345)

  * Moved pmlogger_daily into main package (bsc#1222815)
  * Switched logutil and pmieutil scripts from Type=oneshot to Type=exec
    (bsc#1186511)
  * Change dependency from openssl-devel >= 1.1.1 to openssl-devel >= 1.0.2p.
    Required for SUSE Linux Enterprise 12.
  * Disabled 'pmda-infiniband' subpackage for SUSE Linux Enterprise 12 to
    resolve build issues.
  * Introduce 'pmda-resctrl' package, disabled for architectures other than
    x86_64.
  * Change the architecture for various subpackages to 'noarch' as they contain
    no binaries.
  * Disable 'pmda-mssql', as it fails to build.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Software Development Kit 12 SP5  
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-3976=1

## Package List:

  * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x
    x86_64)
    * pcp-pmda-summary-6.2.0-6.29.2
    * pcp-pmda-cisco-debuginfo-6.2.0-6.29.2
    * pcp-pmda-zimbra-6.2.0-6.29.2
    * pcp-pmda-shping-6.2.0-6.29.2
    * libpcp_gui2-debuginfo-6.2.0-6.29.2
    * perl-PCP-LogSummary-6.2.0-6.29.2
    * perl-PCP-LogImport-6.2.0-6.29.2
    * pcp-pmda-apache-6.2.0-6.29.2
    * pcp-pmda-apache-debuginfo-6.2.0-6.29.2
    * pcp-pmda-logger-debuginfo-6.2.0-6.29.2
    * pcp-pmda-mailq-debuginfo-6.2.0-6.29.2
    * pcp-pmda-nvidia-gpu-6.2.0-6.29.2
    * perl-PCP-MMV-6.2.0-6.29.2
    * pcp-import-collectl2pcp-debuginfo-6.2.0-6.29.2
    * pcp-pmda-bind2-6.2.0-6.29.2
    * libpcp3-6.2.0-6.29.2
    * pcp-pmda-mounts-debuginfo-6.2.0-6.29.2
    * pcp-pmda-bash-debuginfo-6.2.0-6.29.2
    * pcp-pmda-summary-debuginfo-6.2.0-6.29.2
    * perl-PCP-LogImport-debuginfo-6.2.0-6.29.2
    * pcp-pmda-docker-6.2.0-6.29.2
    * libpcp_web1-6.2.0-6.29.2
    * pcp-pmda-mounts-6.2.0-6.29.2
    * pcp-pmda-weblog-debuginfo-6.2.0-6.29.2
    * pcp-pmda-gfs2-debuginfo-6.2.0-6.29.2
    * pcp-pmda-systemd-debuginfo-6.2.0-6.29.2
    * pcp-pmda-roomtemp-6.2.0-6.29.2
    * libpcp_trace2-6.2.0-6.29.2
    * pcp-debugsource-6.2.0-6.29.2
    * pcp-pmda-lustrecomm-6.2.0-6.29.2
    * pcp-devel-debuginfo-6.2.0-6.29.2
    * python3-pcp-debuginfo-6.2.0-6.29.2
    * libpcp3-debuginfo-6.2.0-6.29.2
    * pcp-pmda-logger-6.2.0-6.29.2
    * perl-PCP-PMDA-6.2.0-6.29.2
    * perl-PCP-PMDA-debuginfo-6.2.0-6.29.2
    * pcp-pmda-systemd-6.2.0-6.29.2
    * pcp-pmda-cisco-6.2.0-6.29.2
    * pcp-pmda-gfs2-6.2.0-6.29.2
    * pcp-pmda-weblog-6.2.0-6.29.2
    * pcp-pmda-trace-debuginfo-6.2.0-6.29.2
    * pcp-pmda-trace-6.2.0-6.29.2
    * libpcp_mmv1-debuginfo-6.2.0-6.29.2
    * pcp-pmda-dm-debuginfo-6.2.0-6.29.2
    * perl-PCP-MMV-debuginfo-6.2.0-6.29.2
    * pcp-pmda-shping-debuginfo-6.2.0-6.29.2
    * libpcp_trace2-debuginfo-6.2.0-6.29.2
    * pcp-pmda-cifs-6.2.0-6.29.2
    * pcp-pmda-nvidia-gpu-debuginfo-6.2.0-6.29.2
    * pcp-pmda-mailq-6.2.0-6.29.2
    * pcp-pmda-docker-debuginfo-6.2.0-6.29.2
    * pcp-pmda-sendmail-debuginfo-6.2.0-6.29.2
    * pcp-system-tools-6.2.0-6.29.2
    * libpcp_web1-debuginfo-6.2.0-6.29.2
    * libpcp_gui2-6.2.0-6.29.2
    * pcp-pmda-cifs-debuginfo-6.2.0-6.29.2
    * pcp-pmda-lustrecomm-debuginfo-6.2.0-6.29.2
    * libpcp_import1-6.2.0-6.29.2
    * pcp-devel-6.2.0-6.29.2
    * pcp-6.2.0-6.29.2
    * pcp-import-collectl2pcp-6.2.0-6.29.2
    * libpcp-devel-6.2.0-6.29.2
    * pcp-pmda-bash-6.2.0-6.29.2
    * pcp-pmda-sendmail-6.2.0-6.29.2
    * pcp-pmda-dm-6.2.0-6.29.2
    * python3-pcp-6.2.0-6.29.2
    * pcp-pmda-roomtemp-debuginfo-6.2.0-6.29.2
    * libpcp_import1-debuginfo-6.2.0-6.29.2
    * libpcp_mmv1-6.2.0-6.29.2
    * pcp-debuginfo-6.2.0-6.29.2
  * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch)
    * pcp-pmda-gluster-6.2.0-6.29.2
    * pcp-pmda-unbound-6.2.0-6.29.2
    * pcp-pmda-lmsensors-6.2.0-6.29.2
    * pcp-pmda-netfilter-6.2.0-6.29.2
    * pcp-pmda-mysql-6.2.0-6.29.2
    * pcp-doc-6.2.0-6.29.2
    * pcp-pmda-oracle-6.2.0-6.29.2
    * pcp-pmda-gpsd-6.2.0-6.29.2
    * pcp-pmda-lustre-6.2.0-6.29.2
    * pcp-pmda-nfsclient-6.2.0-6.29.2
    * pcp-pmda-bonding-6.2.0-6.29.2
    * pcp-pmda-ds389log-6.2.0-6.29.2
    * pcp-pmda-slurm-6.2.0-6.29.2
    * pcp-pmda-samba-6.2.0-6.29.2
    * pcp-pmda-ds389-6.2.0-6.29.2
    * pcp-pmda-nutcracker-6.2.0-6.29.2
    * pcp-pmda-news-6.2.0-6.29.2
    * pcp-pmda-mic-6.2.0-6.29.2
    * pcp-pmda-activemq-6.2.0-6.29.2
    * pcp-pmda-nginx-6.2.0-6.29.2
    * pcp-import-mrtg2pcp-6.2.0-6.29.2
    * pcp-pmda-pdns-6.2.0-6.29.2
    * pcp-pmda-gpfs-6.2.0-6.29.2
    * pcp-pmda-postfix-6.2.0-6.29.2
    * pcp-pmda-memcache-6.2.0-6.29.2
    * pcp-pmda-snmp-6.2.0-6.29.2
    * pcp-pmda-elasticsearch-6.2.0-6.29.2
    * pcp-pmda-zswap-6.2.0-6.29.2
    * pcp-pmda-named-6.2.0-6.29.2
    * pcp-export-pcp2influxdb-6.2.0-6.29.2
    * pcp-pmda-dbping-6.2.0-6.29.2
    * pcp-pmda-rsyslog-6.2.0-6.29.2
    * pcp-import-sar2pcp-6.2.0-6.29.2
    * pcp-import-iostat2pcp-6.2.0-6.29.2
    * pcp-import-ganglia2pcp-6.2.0-6.29.2
    * pcp-conf-6.2.0-6.29.2
    * pcp-export-pcp2graphite-6.2.0-6.29.2
    * pcp-pmda-redis-6.2.0-6.29.2
  * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le
    x86_64)
    * pcp-pmda-perfevent-debuginfo-6.2.0-6.29.2
    * pcp-pmda-perfevent-6.2.0-6.29.2

## References:

  * https://www.suse.com/security/cve/CVE-2023-6917.html
  * https://www.suse.com/security/cve/CVE-2024-3019.html
  * https://www.suse.com/security/cve/CVE-2024-45769.html
  * https://www.suse.com/security/cve/CVE-2024-45770.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1186511
  * https://bugzilla.suse.com/show_bug.cgi?id=1217826
  * https://bugzilla.suse.com/show_bug.cgi?id=1222121
  * https://bugzilla.suse.com/show_bug.cgi?id=1222815
  * https://bugzilla.suse.com/show_bug.cgi?id=1230551
  * https://bugzilla.suse.com/show_bug.cgi?id=1230552
  * https://bugzilla.suse.com/show_bug.cgi?id=1231345
  * https://jira.suse.com/browse/PED-8192
  * https://jira.suse.com/browse/PED-8389

SUSE: 2024:3976-1 important: pcp Security Advisory Updates

November 12, 2024
* bsc#1186511 * bsc#1217826 * bsc#1222121 * bsc#1222815 * bsc#1230551

Summary

## This update for pcp fixes the following issues: pcp was updated from version 3.11.9 to version 6.2.0 (jsc#PED-8192, jsc#PED-8389): * Security issues fixed: * CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp to the root user (bsc#1230552) * CVE-2024-45769: Fixed a heap corruption through metric pmstore operations (bsc#1230551) * CVE-2023-6917: Fixed local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826) * CVE-2024-3019: Disabled redis proxy by default (bsc#1222121) * Major changes: * Add version 3 PCP archive support: instance domain change-deltas, Y2038-safe timestamps, nanosecond-precision timestamps, arbitrary timezones support, 64-bit file offsets used throughout for larger (beyond 2GB) individual volumes. * Opt-in using the /etc/pcp.conf PCP_ARCHIVE_VERSION setting * Version 2 archives remain the default (for next few years). * Switch to using OpenSSL onl...

Read the Full Advisory

References

* bsc#1186511

* bsc#1217826

* bsc#1222121

* bsc#1222815

* bsc#1230551

* bsc#1230552

* bsc#1231345

* jsc#PED-8192

* jsc#PED-8389

Cross-

* CVE-2023-6917

* CVE-2024-3019

* CVE-2024-45769

* CVE-2024-45770

CVSS scores:

* CVE-2023-6917 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-3019 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-45769 ( SUSE ): 5.7

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-45769 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-45769 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-45770 ( SUSE ): 4.6

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

* CVE-2024-45770 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

* CVE-2024-45770 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5

* SUSE Linux Enterprise...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2024:3976-1
Release Date: 2024-11-12T07:12:38Z
Rating: important

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved