Sicherheit: Mehrere Probleme in pcp

Lesezeichen hinzufügen

SUSE Security Update: Security update for pcp
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:0190-1
Rating: important
References: #732763 #775009 #775010 #775011 #775013 #782967

Cross-References: CVE-2012-3418 CVE-2012-3419 CVE-2012-3420
CVE-2012-3421
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
______________________________________________________________________________

An update that solves four vulnerabilities and has two
fixes is now available. It includes two new package
versions.

Description:

pcp was updated to version 3.6.10 which fixes security
issues and also brings a lot of new features.

*

Update to pcp-3.6.10.

o Transition daemons to run under an unprivileged
account. o Fixes for security advisory CVE-2012-5530:
tmpfile flaws; (bnc#782967). o Fix pcp(1) command
short-form pmlogger reporting. o Fix pmdalogger error
handling for directory files. o Fix pmstat handling of odd
corner case in CPU metrics. o Correct the python ctype used
for pmAtomValue 32bit ints. o Add missing RPM spec
dependency for python-ctypes. o Corrections to pmdamysql
metrics units. o Add pmdamysql slave status metrics. o
Improve pmcollectl error messages. o Parameterize
pmcollectl CPU counts in interrupt subsys. o Fix generic
RPM packaging for powerpc builds. o Fix python API use of
reentrant libpcp string routines. o Python code backporting
for RHEL5 in qa and pmcollectl. o Fix edge cases in
capturing interrupt error counts.
*

Update to pcp-3.6.9.

o Python wrapper for the pmimport API o Make
sar2pcp work with the sysstat versions from RHEL5, RHEL6,
and all recent Fedora versions (which is almost all current
versions of sysstat verified). o Added a number of
additional metrics into the importer for people starting to
use it to analyse sar data from real customer incidents. o
Rework use of C99 "restrict" keyword in pmdalogger (Debian
bug: 689552) o Alot of work on the PCP QA suite, special
thanks to Tomas Dohnalek for all his efforts there. o Win32
build updates o Add "raw" disk active metrics so that
existing tools like iostat can be emulated o Allow sar2pcp
to accept XML input directly (.xml suffix), allowing it to
not have to run on the same platform as the sadc/sadf that
originally generated it. o Add PMI error codes into the
PCP::LogImport perl module. o Fix a typo in pmiUnits man
page synopsis section o Resolve pmdalinux ordering issue in
NUMA/CPU indom setup (Redhat bug: 858384) o Remove unused
pmcollectl imports (Redhat bug: 863210) o Allow event
traces to be used in libpcp interpolate mode
*

Update to pcp-3.6.8.

o Corrects the disk/partition identification for
the MMC driver, which makes disk indom handling correct on
the Raspberry Pi (http://www.raspberrypi.org/) o Several
minor/basic fixes for pmdaoracle. o Improve pmcollectl
compatibility. o Make a few clarifications to pmcollectl.1.
o Improve python API test coverage. o Numerous updates to
the test suite in general. o Allow pmda Install scripts to
specify own dso name again. o Reconcile spec file
differences between PCP flavours. o Fix handling of
multiple contexts with a remote namespace. o Core socket
interface abstractions to support NSS (later). o Fix man
page SYNOPSIS section for pmUnpackEventRecords. o Add
--disable-shared build option for static builds.
*

Update to pcp-3.6.6.

o Added the python PMAPI bindings and an initial
python client in pmcollectl. Separate, new package exists
for python libs for those platforms that split out packages
(rpm, deb). o Added a pcp-testsuite package for those
platforms that might want this (rpm, deb again, mainly) o
Re-introduced the pcp/qa subdirectory in pcp and deprecated
the external pcpqa git tree. o Fix potential buffer
overflow in pmlogger host name handling. o Reworked the
configure --prefix handling to be more like the rest of the
open source world. o Ensure the __pmDecodeText ident
parameter is always set Resolves Red Hat bugzilla bug
#841306.

Security Issue references:

* CVE-2012-3418
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3418
>
* CVE-2012-3419
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3419
>
* CVE-2012-3420
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3420
>
* CVE-2012-3421
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3421
>

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP2:

zypper in -t patch sdksp2-libpcp3-7221

- SUSE Linux Enterprise Server 11 SP2 for VMware:

zypper in -t patch slessp2-libpcp3-7221

- SUSE Linux Enterprise Server 11 SP2:

zypper in -t patch slessp2-libpcp3-7221

- SUSE Linux Enterprise Desktop 11 SP2:

zypper in -t patch sledsp2-libpcp3-7221

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64
s390x x86_64) [New Version: 3.6.10]:

libpcp3-3.6.10-0.3.1
pcp-3.6.10-0.3.1
pcp-devel-3.6.10-0.3.1
pcp-import-iostat2pcp-3.6.10-0.3.1
pcp-import-mrtg2pcp-3.6.10-0.3.1
pcp-import-sar2pcp-3.6.10-0.3.1
pcp-import-sheet2pcp-3.6.10-0.3.1
perl-PCP-LogImport-3.6.10-0.3.1
perl-PCP-LogSummary-3.6.10-0.3.1
perl-PCP-MMV-3.6.10-0.3.1
perl-PCP-PMDA-3.6.10-0.3.1

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version:
2013.1.7]:

permissions-2013.1.7-0.3.1

- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New
Version: 2013.1.7]:

permissions-2013.1.7-0.3.1

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New
Version: 2013.1.7 and 3.6.10]:

libpcp3-3.6.10-0.5.1
pcp-3.6.10-0.5.1
pcp-import-iostat2pcp-3.6.10-0.5.1
pcp-import-mrtg2pcp-3.6.10-0.5.1
pcp-import-sar2pcp-3.6.10-0.5.1
pcp-import-sheet2pcp-3.6.10-0.5.1
perl-PCP-LogImport-3.6.10-0.5.1
perl-PCP-LogSummary-3.6.10-0.5.1
perl-PCP-MMV-3.6.10-0.5.1
perl-PCP-PMDA-3.6.10-0.5.1
permissions-2013.1.7-0.5.1

- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version:
2013.1.7]:

permissions-2013.1.7-0.3.1

- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version:
2013.1.7]:

permissions-2013.1.7-0.5.1

- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.6.10]:

libpcp3-3.6.10-0.5.1
pcp-3.6.10-0.5.1
pcp-devel-3.6.10-0.5.1
pcp-import-iostat2pcp-3.6.10-0.5.1
pcp-import-mrtg2pcp-3.6.10-0.5.1
pcp-import-sar2pcp-3.6.10-0.5.1
pcp-import-sheet2pcp-3.6.10-0.5.1
perl-PCP-LogImport-3.6.10-0.5.1
perl-PCP-LogSummary-3.6.10-0.5.1
perl-PCP-MMV-3.6.10-0.5.1
perl-PCP-PMDA-3.6.10-0.5.1

References:

http://support.novell.com/security/cve/CVE-2012-3418.html
http://support.novell.com/security/cve/CVE-2012-3419.html
http://support.novell.com/security/cve/CVE-2012-3420.html
http://support.novell.com/security/cve/CVE-2012-3421.html
https://bugzilla.novell.com/732763
https://bugzilla.novell.com/775009
https://bugzilla.novell.com/775010
https://bugzilla.novell.com/775011
https://bugzilla.novell.com/775013
https://bugzilla.novell.com/782967
?keywords=51012200090dff3a8a3a0cbcae5a4be2
?keywords=86d59a2714828a99a56a3fdba3660c73

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org