Test Kennung:	1.3.6.1.4.1.25623.1.0.856533
Kategorie:	openSUSE Local Security Checks
Titel:	openSUSE Security Advisory (SUSE-SU-2024:3533-1)
Zusammenfassung:	The remote host is missing an update for the 'pcp' package(s) announced via the SUSE-SU-2024:3533-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'pcp' package(s) announced via the SUSE-SU-2024:3533-1 advisory. Vulnerability Insight: This update for pcp fixes the following issues: pcp was updated from version 5.3.7 to version 6.2.0 (jsc#PED-8192, jsc#PED-8389): - Security issues fixed: * CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp to the root user (bsc#1230552) * CVE-2024-45769: Fixed a heap corruption through metric pmstore operations (bsc#1230551) * CVE-2023-6917: Fixed local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826) * CVE-2024-3019: Disabled redis proxy by default (bsc#1222121) - Major changes: * Add version 3 PCP archive support: instance domain change-deltas, Y2038-safe timestamps, nanosecond-precision timestamps, arbitrary timezones support, 64-bit file offsets used throughout for larger (beyond 2GB) individual volumes. + Opt-in using the /etc/pcp.conf PCP_ARCHIVE_VERSION setting + Version 2 archives remain the default (for next few years). * Switch to using OpenSSL only throughout PCP (dropped NSS/NSPR), this impacts on libpcp, PMAPI clients and PMCD use of encryption, these are now configured and used consistently with pmproxy HTTPS support and redis-server, which were both already using OpenSSL. * New nanosecond precision timestamp PMAPI calls for PCP library interfaces that make use of timestamps. These are all optional, and full backward compatibility is preserved for existing tools. * For the full list of changes please consult the packaged CHANGELOG file - Other packaging changes: * Moved pmlogger_daily into main package (bsc#1222815) * Change dependency from openssl-devel >= 1.1.1 to openssl-devel >= 1.0.2p. Required for SLE-12. * Introduce 'pmda-resctrl' package, disabled for architectures other than x86_64. * Change the architecture for various subpackages to 'noarch' as they contain no binaries. * Disable 'pmda-mssql', as it fails to build. Affected Software/OS: 'pcp' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 8.3 CVSS Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-6917 RHBZ#2254983 https://bugzilla.redhat.com/show_bug.cgi?id=2254983 RHSA-2024:2213 https://access.redhat.com/errata/RHSA-2024:2213 https://access.redhat.com/security/cve/CVE-2023-6917 Common Vulnerability Exposure (CVE) ID: CVE-2024-3019 RHBZ#2271898 https://bugzilla.redhat.com/show_bug.cgi?id=2271898 RHSA-2024:2566 https://access.redhat.com/errata/RHSA-2024:2566 RHSA-2024:3264 https://access.redhat.com/errata/RHSA-2024:3264 RHSA-2024:3321 https://access.redhat.com/errata/RHSA-2024:3321 RHSA-2024:3322 https://access.redhat.com/errata/RHSA-2024:3322 RHSA-2024:3323 https://access.redhat.com/errata/RHSA-2024:3323 RHSA-2024:3324 https://access.redhat.com/errata/RHSA-2024:3324 RHSA-2024:3325 https://access.redhat.com/errata/RHSA-2024:3325 RHSA-2024:3392 https://access.redhat.com/errata/RHSA-2024:3392 https://access.redhat.com/security/cve/CVE-2024-3019 Common Vulnerability Exposure (CVE) ID: CVE-2024-45769 Common Vulnerability Exposure (CVE) ID: CVE-2024-45770
Copyright	Copyright (C) 2024 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.