SuSE 11.2 Security Update : pcp (SAT Patch Number 7221)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing a security update.

Description :

pcp was updated to version 3.6.10 which fixes security issues and also
brings a lot of new features.

- Update to pcp-3.6.10.

- Transition daemons to run under an unprivileged account.

- Fixes for security advisory CVE-2012-5530: tmpfile
flaws;. (bnc#782967)

- Fix pcp(1) command short-form pmlogger reporting.

- Fix pmdalogger error handling for directory files.

- Fix pmstat handling of odd corner case in CPU metrics.

- Correct the python ctype used for pmAtomValue 32bit
ints.

- Add missing RPM spec dependency for python-ctypes.

- Corrections to pmdamysql metrics units.

- Add pmdamysql slave status metrics.

- Improve pmcollectl error messages.

- Parameterize pmcollectl CPU counts in interrupt subsys.

- Fix generic RPM packaging for powerpc builds.

- Fix python API use of reentrant libpcp string routines.

- Python code backporting for RHEL5 in qa and pmcollectl.

- Fix edge cases in capturing interrupt error counts.

- Update to pcp-3.6.9.

- Python wrapper for the pmimport API

- Make sar2pcp work with the sysstat versions from RHEL5,
RHEL6, and all recent Fedora versions (which is almost
all current versions of sysstat verified).

- Added a number of additional metrics into the importer
for people starting to use it to analyse sar data from
real customer incidents.

- Rework use of C99 'restrict' keyword in pmdalogger
(Debian bug: 689552)

- Alot of work on the PCP QA suite, special thanks to
Tomas Dohnalek for all his efforts there.

- Win32 build updates

- Add 'raw' disk active metrics so that existing tools
like iostat can be emulated

- Allow sar2pcp to accept XML input directly (.xml
suffix), allowing it to not have to run on the same
platform as the sadc/sadf that originally generated it.

- Add PMI error codes into the PCP::LogImport perl module.

- Fix a typo in pmiUnits man page synopsis section

- Resolve pmdalinux ordering issue in NUMA/CPU indom setup
(Redhat bug: 858384)

- Remove unused pmcollectl imports (Redhat bug: 863210)

- Allow event traces to be used in libpcp interpolate mode

- Update to pcp-3.6.8.

- Corrects the disk/partition identification for the MMC
driver, which makes disk indom handling correct on the
Raspberry Pi (http://www.raspberrypi.org/)

- Several minor/basic fixes for pmdaoracle.

- Improve pmcollectl compatibility.

- Make a few clarifications to pmcollectl.1.

- Improve python API test coverage.

- Numerous updates to the test suite in general.

- Allow pmda Install scripts to specify own dso name
again.

- Reconcile spec file differences between PCP flavours.

- Fix handling of multiple contexts with a remote
namespace.

- Core socket interface abstractions to support NSS
(later).

- Fix man page SYNOPSIS section for pmUnpackEventRecords.

- Add --disable-shared build option for static builds.

- Update to pcp-3.6.6.

- Added the python PMAPI bindings and an initial python
client in pmcollectl. Separate, new package exists for
python libs for those platforms that split out packages
(rpm, deb).

- Added a pcp-testsuite package for those platforms that
might want this (rpm, deb again, mainly)

- Re-introduced the pcp/qa subdirectory in pcp and
deprecated the external pcpqa git tree.

- Fix potential buffer overflow in pmlogger host name
handling.

- Reworked the configure --prefix handling to be more like
the rest of the open source world.

- Ensure the __pmDecodeText ident parameter is always set
Resolves Red Hat bugzilla bug #841306.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=732763
https://bugzilla.novell.com/show_bug.cgi?id=775009
https://bugzilla.novell.com/show_bug.cgi?id=775010
https://bugzilla.novell.com/show_bug.cgi?id=775011
https://bugzilla.novell.com/show_bug.cgi?id=775013
https://bugzilla.novell.com/show_bug.cgi?id=782967
http://support.novell.com/security/cve/CVE-2012-3418.html
http://support.novell.com/security/cve/CVE-2012-3419.html
http://support.novell.com/security/cve/CVE-2012-3420.html
http://support.novell.com/security/cve/CVE-2012-3421.html
http://support.novell.com/security/cve/CVE-2012-5530.html

Solution :

Apply SAT patch number 7221.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 64188 ()

Bugtraq ID:

CVE ID: CVE-2012-3418
CVE-2012-3419
CVE-2012-3420
CVE-2012-3421
CVE-2012-5530

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now