Detections
Analytics
SuSE 10 Security Update : pcp (ZYPP Patch Number 8421)
medium Nessus Plugin ID 63680
Language:
Synopsis
The remote SuSE 10 host is missing a security-related patch.Description
pcp was updated to version 3.6.10 which fixes security issues and also brings a lot of new features.- Update to pcp-3.6.10. o Transition daemons to run under an unprivileged account. o Fixes for security advisory CVE-2012-5530: tmpfile flaws; (bnc#782967). o Fix pcp(1) command short-form pmlogger reporting. o Fix pmdalogger error handling for directory files. o Fix pmstat handling of odd corner case in CPU metrics. o Correct the python ctype used for pmAtomValue 32bit ints. o Add missing RPM spec dependency for python-ctypes. o Corrections to pmdamysql metrics units. o Add pmdamysql slave status metrics. o Improve pmcollectl error messages. o Parameterize pmcollectl CPU counts in interrupt subsys. o Fix generic RPM packaging for powerpc builds. o Fix python API use of reentrant libpcp string routines. o Python code backporting for RHEL5 in qa and pmcollectl. o Fix edge cases in capturing interrupt error counts.
- Update to pcp-3.6.9. o Python wrapper for the pmimport API o Make sar2pcp work with the sysstat versions from RHEL5, RHEL6, and all recent Fedora versions (which is almost all current versions of sysstat verified). o Added a number of additional metrics into the importer for people starting to use it to analyse sar data from real customer incidents. o Rework use of C99 'restrict' keyword in pmdalogger (Debian bug: 689552) o Alot of work on the PCP QA suite, special thanks to Tomas Dohnalek for all his efforts there. o Win32 build updates o Add 'raw' disk active metrics so that existing tools like iostat can be emulated o Allow sar2pcp to accept XML input directly (.xml suffix), allowing it to not have to run on the same platform as the sadc/sadf that originally generated it. o Add PMI error codes into the PCP::LogImport perl module. o Fix a typo in pmiUnits man page synopsis section o Resolve pmdalinux ordering issue in NUMA/CPU indom setup (Redhat bug: 858384) o Remove unused pmcollectl imports (Redhat bug: 863210) o Allow event traces to be used in libpcp interpolate mode
- Update to pcp-3.6.8. o Corrects the disk/partition identification for the MMC driver, which makes disk indom handling correct on the Raspberry Pi (http://www.raspberrypi.org/) o Several minor/basic fixes for pmdaoracle. o Improve pmcollectl compatibility. o Make a few clarifications to pmcollectl.1. o Improve python API test coverage. o Numerous updates to the test suite in general. o Allow pmda Install scripts to specify own dso name again. o Reconcile spec file differences between PCP flavours. o Fix handling of multiple contexts with a remote namespace. o Core socket interface abstractions to support NSS (later). o Fix man page SYNOPSIS section for pmUnpackEventRecords. o Add --disable-shared build option for static builds.
- Update to pcp-3.6.6. o Added the python PMAPI bindings and an initial python client in pmcollectl. Separate, new package exists for python libs for those platforms that split out packages (rpm, deb). o Added a pcp-testsuite package for those platforms that might want this (rpm, deb again, mainly) o Re-introduced the pcp/qa subdirectory in pcp and deprecated the external pcpqa git tree. o Fix potential buffer overflow in pmlogger host name handling. o Reworked the configure
--prefix handling to be more like the rest of the open source world. o Ensure the __pmDecodeText ident parameter is always set Resolves Red Hat bugzilla bug #841306.
Solution
Apply ZYPP patch number 8421.See Also
http://support.novell.com/security/cve/CVE-2012-3418.html
http://support.novell.com/security/cve/CVE-2012-3419.html
http://support.novell.com/security/cve/CVE-2012-3420.html
Plugin Details
Severity: Medium
ID: 63680
File Name: suse_libpcp3-8421.nasl
Version: 1.4
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 1/24/2013
Updated: 1/19/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: cpe:/o:suse:suse_linux
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Patch Publication Date: 1/7/2013
Vulnerability Publication Date: 8/27/2012
Reference Information
CVE: CVE-2012-3418, CVE-2012-3419, CVE-2012-3420, CVE-2012-3421, CVE-2012-5530