Login
Newsletter
Werbung

Sicherheit: Unsichere Verwendung temporärer Dateien in pcp
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung temporärer Dateien in pcp
ID: FEDORA-2012-20146
Distribution: Fedora
Plattformen: Fedora 16
Datum: Mi, 19. Dezember 2012, 11:08
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5530
Applikationen: Performance Co-Pilot

Originalnachricht

Name        : pcp
Product : Fedora 16
Version : 3.6.10
Release : 2.fc16
URL : http://oss.sgi.com/projects/pcp
Summary : System-level performance monitoring and performance management
Description :
Performance Co-Pilot (PCP) provides a framework and services to support
system-level performance monitoring and performance management.

The PCP open source release provides a unifying abstraction for all of
the interesting performance data in a system, and allows client
applications to easily retrieve and process any subset of that data.

-------------------------------------------------------------------------------
-
Update Information:

Fix functional regressions from recent tmpfile security fixes
-------------------------------------------------------------------------------
-
ChangeLog:

* Wed Nov 28 2012 Nathan Scott <nathans@redhat.com> - 3.6.10-2
- Ensure tmpfile directories created in %files section.
- Resolve tmpfile create/teardown race conditions.
* Mon Nov 19 2012 Nathan Scott <nathans@redhat.com> - 3.6.10-1
- Update to latest PCP sources.
- Resolve tmpfile security flaws: CVE-2012-5530
- Introduces new "pcp" user account for all daemons to use.
* Fri Oct 12 2012 Nathan Scott <nathans@redhat.com> - 3.6.9-1
- Update to latest PCP sources.
- Fix pmcd sigsegv in NUMA/CPU indom setup (BZ 858384)
- Fix sar2pcp uninitialised perl variable warning (BZ 859117)
- Fix pcp.py and pmcollectl with older python versions (BZ 852234)
* Fri Sep 14 2012 Nathan Scott <nathans@redhat.com> - 3.6.8-1
- Update to latest PCP sources.
* Wed Sep 5 2012 Nathan Scott <nathans@redhat.com> - 3.6.6-1.1
- Move configure step from prep to build section of spec (BZ 854128)
* Tue Aug 28 2012 Mark Goodwin <mgoodwin@redhat.com> - 3.6.6-1
- Update to latest PCP sources, see installed CHANGELOG for details.
- Introduces new python-pcp and pcp-testsuite sub-packages.
* Thu Aug 16 2012 Mark Goodwin <mgoodwin@redhat.com> - 3.6.5-1
- Update to latest PCP sources, see installed CHANGELOG for details.
- Fix security flaws: CVE-2012-3418 CVE-2012-3419 CVE-2012-3420 and
CVE-2012-3421 (BZ 848629)
* Thu Jul 19 2012 Mark Goodwin <mgoodwin@redhat.com>
- pmcd and pmlogger services are not supposed to be enabled by default (BZ
840763) - 3.6.3-1.3
* Thu Jun 21 2012 Mark Goodwin <mgoodwin@redhat.com>
- remove pcp-import-sheet2pcp subpackage due to missing deps (BZ 830923) -
3.6.3-1.2
* Fri May 18 2012 Dan Hork <dan[at]danny.cz> - 3.6.3-1.1
- fix build on s390x
* Mon Apr 30 2012 Mark Goodwin - 3.6.3-1
- Update to latest PCP sources
* Thu Apr 26 2012 Mark Goodwin - 3.6.2-1
- Update to latest PCP sources
* Thu Apr 12 2012 Mark Goodwin - 3.6.1-1
- Update to latest PCP sources
* Thu Mar 22 2012 Mark Goodwin - 3.6.0-1
- use
CFLAGS="${CFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic}" ; export CFLAGS ;
CXXFLAGS="${CXXFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic}" ; export CXXFLAGS ;
FFLAGS="${FFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -I/usr/lib64/gfortran/modules}" ; export FFLAGS ;
LDFLAGS="${LDFLAGS:--Wl,-z,relro }"; export LDFLAGS;
./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu \
--program-prefix= \
--disable-dependency-tracking \
--prefix=/usr \
--exec-prefix=/usr \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--sysconfdir=/etc \
--datadir=/usr/share \
--includedir=/usr/include \
--libdir=/usr/lib64 \
--libexecdir=/usr/libexec \
--localstatedir=/var \
--sharedstatedir=/var/lib \
--mandir=/usr/share/man \
--infodir=/usr/share/info macro for correct libdir logic
- update to latest PCP sources
* Thu Dec 15 2011 Mark Goodwin - 3.5.11-2
- patched configure.in for libdir=/usr/lib64 on ppc64
* Thu Dec 1 2011 Mark Goodwin - 3.5.11-1
- Update to latest PCP sources.
* Fri Nov 4 2011 Mark Goodwin - 3.5.10-1
- Update to latest PCP sources.
* Mon Oct 24 2011 Mark Goodwin - 3.5.9-1
- Update to latest PCP sources.
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update pcp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung