Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Red Hat Enterprise Linux: RHSA-2020:3869 Low Severity: pcp Security Bug Fix

red hat
Calendar Grey September 29, 2020
Dist Redhat Esm H88
Debian has issued a minor patch for nfs-utils, targeting potential local privilege escalation vulnerabilities and introducing performance upgrades.
An update for pcp is now available for Red Hat Enterprise Linux 7

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems.
Security Fix(es):
* pcp: Local privilege escalation in pcp spec file %post section (CVE-2019-3695)
* pcp: Local privilege escalation in pcp spec file through migrate_tempdirs(CVE-2019-3696)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Topics%20covered

Topics Covered

security advisory local privilege escalation bug fix Red Hat Enterprise Linux low severity enhancement pcp update

References

https://access.redhat.com/security/cve/CVE-2019-3695 https://access.redhat.com/security/cve/CVE-2019-3696 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index

Package List

Red Hat Enterprise Linux Client (v. 7):
Source: pcp-4.3.2-12.el7.src.rpm
noarch: pcp-doc-4.3.2-12.el7.noarch.rpm
x86_64: pcp-4.3.2-12.el7.x86_64.rpm pcp-conf-4.3.2-12.el7.x86_64.rpm pcp-debuginfo-4.3.2-12.el7.i686.rpm pcp-debuginfo-4.3.2-12.el7.x86_64.rpm pcp-export-pcp2graphite-4.3.2-12.el7.x86_64.rpm pcp-gui-4.3.2-12.el7.x86_64.rpm pcp-libs-4.3.2-12.el7.i686.rpm pcp-libs-4.3.2-12.el7.x86_64.rpm pcp-manager-4.3.2-12.el7.x86_64.rpm pcp-pmda-activemq-4.3.2-12.el7.x86_64.rpm pcp-pmda-apache-4.3.2-12.el7.x86_64.rpm pcp-pmda-bash-4.3.2-12.el7.x86_64.rpm pcp-pmda-bonding-4.3.2-12.el7.x86_64.rpm pcp-pmda-cisco-4.3.2-12.el7.x86_64.rpm pcp-pmda-dbping-4.3.2-12.el7.x86_64.rpm pcp-pmda-dm-4.3.2-12.el7.x86_64.rpm pcp-pmda-ds389-4.3.2-12.el7.x86_64.rpm pcp-pmda-ds389log-4.3.2-12.el7.x86_64.rpm pcp-pmda-elasticsearch-4.3.2-12.el7.x86_64.rpm pcp-pmda-gfs2-4.3.2-12.el7.x86_64.rpm pcp-pmda-gluster-4.3.2-12.el7.x86_64.rpm pcp-pmda-gpfs-4.3.2-12.el7.x86_64.rpm pcp-pmda-gpsd-4.3.2-12.el7.x86_64.rpm pcp-pmda-json-4.3.2-12.el7.x86_64.rpm pcp-pmda-lmsensors-4.3.2-12.el7.x86_64.rpm pcp-pmda-logger-4.3.2-12.el7.x86_64.rpm pcp-pmda-lustre-4.3.2-12.el7.x86_64.rpm pcp-pmda-lustrecomm-4.3.2-12.el7.x86_64.rpm pcp-pmda-mailq-4.3.2-12.el7.x86_64.rpm pcp-pmda-memcache-4.3.2-12.el7.x86_64.rpm

Read the Full Advisory


Severity
low
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2020:3869-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3869
Issue date: 2020-09-29

Topic

An update for pcp is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory local privilege escalation bug fix Red Hat Enterprise Linux low severity enhancement pcp update

Relevant Releases Architectures

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64

Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64

Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

Bugs Fixed

1730107 - Hugepage data is incorrect

1730492 - Some numa nodes have no instances

1749870 - SELinux is preventing pcp-pmda-named from executing /usr/sbin/rndc

1756252 - Missing dependency of pcp-selinux package on selinux-policy-targeted package

1760750 - SELinux issue when running sanity tests of PCP testsuite

1764748 - pcp atopsar ignores 'samples' count

1765641 - pcp atop crash due to devtstat->nprocactive set to one above the expected value

1775373 - [RFE] pcp-zeroconf should gather per-thread info by default

1792859 - pmlogger SELinux issue

1811703 - CVE-2019-3695 pcp: Local privilege escalation in pcp spec file %post section

1811707 - CVE-2019-3696 pcp: Local privilege escalation in pcp spec file through migrate_tempdirs1818710 - pcp-atop is crashing due to an uninitialized value within a sort comparison routine

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here