
SUSE Linux Micro 6.0: 2025:20133-1 important: pcp issues fixed

suse
June 4, 2025
SUSE Linux Micro has released urgent patches addressing several pcp security flaws, particularly issues related to remote command execution vulnerabilities.

Summary

This update for pcp fixes the following issues:

* CVE-2024-45770: Fixed `pmpost` symlink attack allowing escalating `pcp` to `root` user (bsc#1230552).
* CVE-2024-45769: Fixed `pmcd` heap corruption through metric pmstore operations (bsc#1230551).
* CVE-2024-3019: Fixed exposure of the redis backend server allowing remote command execution via pmproxy (bsc#1222121).
* CVE-2023-6917: Fixed Local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826).

Other fixes:

* Updated to version 6.2.0

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0: `zypper in -t patch SUSE-SLE-Micro-6.0-222=1`

References

* bsc#1069468

* bsc#1217783

* bsc#1217826

* bsc#1222121

* bsc#1222815

* bsc#1230551

* bsc#1230552

Cross-

* CVE-2023-6917

* CVE-2024-3019

* CVE-2024-45769

* CVE-2024-45770

CVSS scores:

* CVE-2023-6917 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-6917 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

* CVE-2023-6917 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-3019 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-45769 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-45769 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-45769 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-45770 ( SUSE ): 4.6

Severity
important

Announcement ID: SUSE-SU-2025:20133-1
Release Date: 2025-03-05T15:58:43Z
Rating: important
