SUSE-CU-2024:5299-1: Security update of suse/pcp

sle-container-updates at lists.suse.com
Wed Oct 23 07:05:50 UTC 2024


SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5299-1
Container Tags        : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-37.9 , suse/pcp:latest
Container Release     : 37.9
Severity              : important
Type                  : security
References            : 1188441 1210959 1214915 1217826 1219031 1220724 1221601 1222121
                        1222815 1227100 1227807 1230111 1230135 1230145 1230551 1230552
                        1231051 1231345 CVE-2023-6917 CVE-2024-3019 CVE-2024-45769 CVE-2024-45770
-----------------------------------------------------------------

The container suse/pcp was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3528-1
Released:    Fri Oct  4 15:31:43 2024
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    moderate
References:  1230145
This update for e2fsprogs fixes the following issue:

- resize2fs: Check number of group descriptors only if meta_bg is disabled
  (bsc#1230145).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3533-1
Released:    Fri Oct  4 16:40:27 2024
Summary:     Security update for pcp
Type:        security
Severity:    important
References:  1217826,1222121,1222815,1230551,1230552,CVE-2023-6917,CVE-2024-3019,CVE-2024-45769,CVE-2024-45770
This update for pcp fixes the following issues:

pcp was updated from version 5.3.7 to version 6.2.0 (jsc#PED-8192, jsc#PED-8389):

- Security issues fixed:

  * CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp to the root user (bsc#1230552)
  * CVE-2024-45769: Fixed a heap corruption through metric pmstore operations (bsc#1230551)
  * CVE-2023-6917: Fixed local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826)
  * CVE-2024-3019: Disabled redis proxy by default (bsc#1222121)

- Major changes:

  * Add version 3 PCP archive support: instance domain change-deltas,
    Y2038-safe timestamps, nanosecond-precision timestamps, arbitrary timezone support, and 64-bit file offsets used
    throughout for larger (beyond 2GB) individual volumes.
    + Opt-in using the /etc/pcp.conf PCP_ARCHIVE_VERSION setting.
    + Version 2 archives remain the default (for the next few years).
  * Switch to using OpenSSL only throughout PCP (dropped NSS/NSPR);
    this impacts libpcp, PMAPI clients and PMCD use of encryption;
    these are now configured and used consistently with pmproxy HTTPS support and redis-server, which were both already
    using OpenSSL.
  * New nanosecond-precision timestamp PMAPI calls for PCP library interfaces that make use of timestamps.
    These are all optional, and full backward compatibility is preserved for existing tools.
  * For the full list of changes, please consult the packaged CHANGELOG file.
    
- Other packaging changes:

  * Moved pmlogger_daily into main package (bsc#1222815)
  * Change dependency from openssl-devel >= 1.1.1 to openssl-devel >= 1.0.2p.
    Required for SLE-12.
  * Introduce 'pmda-resctrl' package, disabled for architectures other than x86_64.
  * Change the architecture for various subpackages to 'noarch' as they contain no binaries.
  * Disable 'pmda-mssql', as it fails to build.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3589-1
Released:    Thu Oct 10 16:39:07 2024
Summary:     Recommended update for cyrus-sasl
Type:        recommended
Severity:    moderate
References:  1230111
This update for cyrus-sasl fixes the following issues:

- Make DIGEST-MD5 work with openssl3 (bsc#1230111).
  RC4 is provided by the legacy provider since OpenSSL 3 and requires explicit loading; disable openssl3 deprecated API warnings.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3597-1
Released:    Fri Oct 11 10:39:52 2024
Summary:     Recommended update for bash
Type:        recommended
Severity:    moderate
References:  1227807
This update for bash fixes the following issues:

- Load completion file even if a brace expansion is included in the
  command line (bsc#1227807).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3609-1
Released:    Mon Oct 14 11:39:13 2024
Summary:     Recommended update for SLES-release
Type:        recommended
Severity:    moderate
References:  1227100,1230135
This update for SLES-release fixes the following issues:

- update codestream end date (bsc#1227100)
- added weakremover(libsemanage1) (bsc#1230135)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3659-1
Released:    Wed Oct 16 15:12:47 2024
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1188441,1210959,1214915,1219031,1220724,1221601
This update for gcc14 fixes the following issues:

This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474)

The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 13 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.

To use gcc14 compilers use:

- install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages.
- override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.

For a full changelog with all new GCC14 features, check out

	https://gcc.gnu.org/gcc-14/changes.html


- Add libquadmath0-devel-gcc14 sub-package to allow installing
  quadmath.h and SO link without installing the fortran frontend

- Avoid combine spending too much compile-time and memory doing nothing on s390x.  [bsc#1188441]
- Remove timezone Recommends from the libstdc++6 package.  [bsc#1221601]
- Revert libgccjit dependency change.  [bsc#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Add cross-X-newlib-devel requires to newlib cross compilers.
  [bsc#1219031]
- Re-enable AutoReqProv for cross packages but filter files processed
  via __requires_exclude_from and __provides_exclude_from.
  [bsc#1219031]
- Package m2rte.so plugin in the gcc14-m2 sub-package rather than
  in gcc13-devel.  [bsc#1210959]
- Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs
  are linked against libstdc++6.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3726-1
Released:    Fri Oct 18 11:56:40 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1231051
This update for glibc fixes the following issue:

- Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3743-1
Released:    Tue Oct 22 14:09:48 2024
Summary:     Recommended update for pcp
Type:        recommended
Severity:    moderate
References:  1231345
This update for pcp fixes the following issues:

- Reintroduce libuv support for SLE >= 15 (bsc#1231345). 
 

The following package changes have been done:

- glibc-2.38-150600.14.14.2 updated
- libsasl2-3-2.1.28-150600.7.3.1 updated
- libcom_err2-1.47.0-150600.4.6.2 updated
- libgcc_s1-14.2.0+git10526-150000.1.3.3 updated
- libstdc++6-14.2.0+git10526-150000.1.3.3 updated
- libudev1-254.18-150600.4.15.10 updated
- libreadline7-7.0-150400.27.3.2 updated
- bash-4.4-150400.27.3.2 updated
- bash-sh-4.4-150400.27.3.2 updated
- sles-release-15.6-150600.64.3.1 updated
- pcp-conf-6.2.0-150600.3.9.1 updated
- cyrus-sasl-2.1.28-150600.7.3.1 updated
- libpcp3-6.2.0-150600.3.9.1 updated
- libpcp_trace2-6.2.0-150600.3.9.1 updated
- libpcp_mmv1-6.2.0-150600.3.9.1 updated
- libpcp_import1-6.2.0-150600.3.9.1 updated
- libpcp_gui2-6.2.0-150600.3.9.1 updated
- libpcp_web1-6.2.0-150600.3.9.1 updated
- pcp-6.2.0-150600.3.9.1 updated
- container:bci-bci-init-15.6-1f347c823763d30156dbf4c941c49e670ac0212c484cda0e5853c5158acd957b-0 updated
- libfreebl3-3.101.2-150400.3.51.1 removed
- libsoftokn3-3.101.2-150400.3.51.1 removed
- libsqlite3-0-3.44.0-150000.3.23.1 removed
- mozilla-nspr-4.35-150000.3.29.1 removed
- mozilla-nss-3.101.2-150400.3.51.1 removed
- mozilla-nss-certs-3.101.2-150400.3.51.1 removed

