Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:0357-1

Опубликовано: 07 фев. 2020
Источник: suse-cvrf

Описание

Security update for pcp

This update for pcp fixes the following issues:

Security issue fixed:

  • CVE-2019-3696: Fixed a local privilege escalation in migrate_tempdirs() (bsc#1153921).
  • CVE-2019-3695: Fixed a local privilege escalation of the pcp user during package update (bsc#1152763).

Non-security issue fixed:

  • Fixed an dependency issue with pcp2csv (bsc#1129991).

Список пакетов

SUSE Linux Enterprise High Performance Computing 15-ESPOS
libpcp-devel-3.11.9-5.8.1
libpcp3-3.11.9-5.8.1
libpcp_gui2-3.11.9-5.8.1
libpcp_import1-3.11.9-5.8.1
libpcp_mmv1-3.11.9-5.8.1
libpcp_trace2-3.11.9-5.8.1
libpcp_web1-3.11.9-5.8.1
pcp-3.11.9-5.8.1
pcp-conf-3.11.9-5.8.1
pcp-devel-3.11.9-5.8.1
pcp-doc-3.11.9-5.8.1
pcp-import-iostat2pcp-3.11.9-5.8.1
pcp-import-mrtg2pcp-3.11.9-5.8.1
pcp-import-sar2pcp-3.11.9-5.8.1
perl-PCP-LogImport-3.11.9-5.8.1
perl-PCP-LogSummary-3.11.9-5.8.1
perl-PCP-MMV-3.11.9-5.8.1
perl-PCP-PMDA-3.11.9-5.8.1
python-pcp-3.11.9-5.8.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
libpcp-devel-3.11.9-5.8.1
libpcp3-3.11.9-5.8.1
libpcp_gui2-3.11.9-5.8.1
libpcp_import1-3.11.9-5.8.1
libpcp_mmv1-3.11.9-5.8.1
libpcp_trace2-3.11.9-5.8.1
libpcp_web1-3.11.9-5.8.1
pcp-3.11.9-5.8.1
pcp-conf-3.11.9-5.8.1
pcp-devel-3.11.9-5.8.1
pcp-doc-3.11.9-5.8.1
pcp-import-iostat2pcp-3.11.9-5.8.1
pcp-import-mrtg2pcp-3.11.9-5.8.1
pcp-import-sar2pcp-3.11.9-5.8.1
perl-PCP-LogImport-3.11.9-5.8.1
perl-PCP-LogSummary-3.11.9-5.8.1
perl-PCP-MMV-3.11.9-5.8.1
perl-PCP-PMDA-3.11.9-5.8.1
python-pcp-3.11.9-5.8.1
SUSE Linux Enterprise Module for Development Tools 15
libpcp-devel-3.11.9-5.8.1
libpcp3-3.11.9-5.8.1
libpcp_gui2-3.11.9-5.8.1
libpcp_import1-3.11.9-5.8.1
libpcp_mmv1-3.11.9-5.8.1
libpcp_trace2-3.11.9-5.8.1
libpcp_web1-3.11.9-5.8.1
pcp-3.11.9-5.8.1
pcp-conf-3.11.9-5.8.1
pcp-devel-3.11.9-5.8.1
pcp-doc-3.11.9-5.8.1
pcp-import-iostat2pcp-3.11.9-5.8.1
pcp-import-mrtg2pcp-3.11.9-5.8.1
pcp-import-sar2pcp-3.11.9-5.8.1
perl-PCP-LogImport-3.11.9-5.8.1
perl-PCP-LogSummary-3.11.9-5.8.1
perl-PCP-MMV-3.11.9-5.8.1
perl-PCP-PMDA-3.11.9-5.8.1
python-pcp-3.11.9-5.8.1
SUSE Linux Enterprise Server 15-LTSS
libpcp-devel-3.11.9-5.8.1
libpcp3-3.11.9-5.8.1
libpcp_gui2-3.11.9-5.8.1
libpcp_import1-3.11.9-5.8.1
libpcp_mmv1-3.11.9-5.8.1
libpcp_trace2-3.11.9-5.8.1
libpcp_web1-3.11.9-5.8.1
pcp-3.11.9-5.8.1
pcp-conf-3.11.9-5.8.1
pcp-devel-3.11.9-5.8.1
pcp-doc-3.11.9-5.8.1
pcp-import-iostat2pcp-3.11.9-5.8.1
pcp-import-mrtg2pcp-3.11.9-5.8.1
pcp-import-sar2pcp-3.11.9-5.8.1
perl-PCP-LogImport-3.11.9-5.8.1
perl-PCP-LogSummary-3.11.9-5.8.1
perl-PCP-MMV-3.11.9-5.8.1
perl-PCP-PMDA-3.11.9-5.8.1
python-pcp-3.11.9-5.8.1
SUSE Linux Enterprise Server for SAP Applications 15
libpcp-devel-3.11.9-5.8.1
libpcp3-3.11.9-5.8.1
libpcp_gui2-3.11.9-5.8.1
libpcp_import1-3.11.9-5.8.1
libpcp_mmv1-3.11.9-5.8.1
libpcp_trace2-3.11.9-5.8.1
libpcp_web1-3.11.9-5.8.1
pcp-3.11.9-5.8.1
pcp-conf-3.11.9-5.8.1
pcp-devel-3.11.9-5.8.1
pcp-doc-3.11.9-5.8.1
pcp-import-iostat2pcp-3.11.9-5.8.1
pcp-import-mrtg2pcp-3.11.9-5.8.1
pcp-import-sar2pcp-3.11.9-5.8.1
perl-PCP-LogImport-3.11.9-5.8.1
perl-PCP-LogSummary-3.11.9-5.8.1
perl-PCP-MMV-3.11.9-5.8.1
perl-PCP-PMDA-3.11.9-5.8.1
python-pcp-3.11.9-5.8.1

Ссылки

Описание

A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libpcp-devel-3.11.9-5.8.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libpcp3-3.11.9-5.8.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libpcp_gui2-3.11.9-5.8.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libpcp_import1-3.11.9-5.8.1
Ссылки

Описание

A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libpcp-devel-3.11.9-5.8.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libpcp3-3.11.9-5.8.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libpcp_gui2-3.11.9-5.8.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libpcp_import1-3.11.9-5.8.1
Ссылки