Test ID: 1.3.6.1.4.1.25623.1.0.856533
Category: openSUSE Local Security Checks
Title: openSUSE Security Advisory (SUSE-SU-2024:3533-1)
Summary: The remote host is missing an update for the 'pcp' package(s) announced via the SUSE-SU-2024:3533-1 advisory.

Description:

Summary: The remote host is missing an update for the 'pcp' package(s) announced via the SUSE-SU-2024:3533-1 advisory.

Vulnerability Insight: This update for pcp fixes the following issues:

pcp was updated from version 5.3.7 to version 6.2.0 (jsc#PED-8192, jsc#PED-8389):

- Security issues fixed:
  * CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp to the root user (bsc#1230552)
  * CVE-2024-45769: Fixed a heap corruption through metric pmstore operations (bsc#1230551)
  * CVE-2023-6917: Fixed local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826)
  * CVE-2024-3019: Disabled redis proxy by default (bsc#1222121)
- Major changes:
  * Add version 3 PCP archive support: instance domain change-deltas, Y2038-safe timestamps, nanosecond-precision timestamps, arbitrary timezones support, 64-bit file offsets used throughout for larger (beyond 2GB) individual volumes.
    + Opt-in using the /etc/pcp.conf PCP_ARCHIVE_VERSION setting
    + Version 2 archives remain the default (for next few years).
  * Switch to using OpenSSL only throughout PCP (dropped NSS/NSPR), this impacts on libpcp, PMAPI clients and PMCD use of encryption, these are now configured and used consistently with pmproxy HTTPS support and redis-server, which were both already using OpenSSL.
  * New nanosecond precision timestamp PMAPI calls for PCP library interfaces that make use of timestamps. These are all optional, and full backward compatibility is preserved for existing tools.
  * For the full list of changes please consult the packaged CHANGELOG file
- Other packaging changes:
  * Moved pmlogger_daily into main package (bsc#1222815)
  * Change dependency from openssl-devel >= 1.1.1 to openssl-devel >= 1.0.2p. Required for SLE-12.
  * Introduce 'pmda-resctrl' package, disabled for architectures other than x86_64.
  * Change the architecture for various subpackages to 'noarch' as they contain no binaries.
  * Disable 'pmda-mssql', as it fails to build.

Affected Software/OS: 'pcp' package(s) on openSUSE Leap 15.6.
Solution: Please install the updated package(s).
CVSS Score: 8.3
CVSS Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2023-6917
- RHBZ#2254983 https://bugzilla.redhat.com/show_bug.cgi?id=2254983
- RHSA-2024:2213 https://access.redhat.com/errata/RHSA-2024:2213
- https://access.redhat.com/security/cve/CVE-2023-6917

Common Vulnerability Exposure (CVE) ID: CVE-2024-3019
- RHBZ#2271898 https://bugzilla.redhat.com/show_bug.cgi?id=2271898
- RHSA-2024:2566 https://access.redhat.com/errata/RHSA-2024:2566
- RHSA-2024:3264 https://access.redhat.com/errata/RHSA-2024:3264
- RHSA-2024:3321 https://access.redhat.com/errata/RHSA-2024:3321
- RHSA-2024:3322 https://access.redhat.com/errata/RHSA-2024:3322
- RHSA-2024:3323 https://access.redhat.com/errata/RHSA-2024:3323
- RHSA-2024:3324 https://access.redhat.com/errata/RHSA-2024:3324
- RHSA-2024:3325 https://access.redhat.com/errata/RHSA-2024:3325
- RHSA-2024:3392 https://access.redhat.com/errata/RHSA-2024:3392
- https://access.redhat.com/security/cve/CVE-2024-3019

Common Vulnerability Exposure (CVE) ID: CVE-2024-45769

Common Vulnerability Exposure (CVE) ID: CVE-2024-45770

Copyright: Copyright (C) 2024 Greenbone AG