<div class="container">
    <h1>Security update for pcp</h1>

    <table class="table table-striped table-bordered">
        <tbody>
        <tr>
            <th>Announcement ID:</th>
            <td>SUSE-SU-2024:3976-1</td>
        </tr>
        <tr>
            <th>Release Date:</th>
            <td>2024-11-12T07:12:38Z</td>
        </tr>
        
        <tr>
            <th>Rating:</th>
            <td>important</td>
        </tr>
        <tr>
            <th>References:</th>
            <td>
                <ul>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1186511">bsc#1186511</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1217826">bsc#1217826</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1222121">bsc#1222121</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1222815">bsc#1222815</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1230551">bsc#1230551</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1230552">bsc#1230552</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1231345">bsc#1231345</a>
                        </li>
                    
                    
                        <li style="display: inline;">
                            <a href="https://jira.suse.com/browse/PED-8192">jsc#PED-8192</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://jira.suse.com/browse/PED-8389">jsc#PED-8389</a>
                        </li>
                    
                </ul>
            </td>
        </tr>
        
            <tr>
                <th>
                    Cross-References:
                </th>
                <td>
                    <ul>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2023-6917.html">CVE-2023-6917</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2024-3019.html">CVE-2024-3019</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2024-45769.html">CVE-2024-45769</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2024-45770.html">CVE-2024-45770</a>
                        </li>
                    
                    </ul>
                </td>
            </tr>
            <tr>
                <th>CVSS scores:</th>
                <td>
                    <ul class="list-group">
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2023-6917</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">6.7</span>
                                <span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-3019</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">8.8</span>
                                <span class="cvss-vector">CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-45769</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.7</span>
                                <span class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-45769</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-45769</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-45770</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">4.6</span>
                                <span class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-45770</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">6.0</span>
                                <span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-45770</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">4.4</span>
                                <span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N</span>
                            </li>
                        
                    </ul>
                </td>
            </tr>
        
        <tr>
            <th>Affected Products:</th>
            <td>
                <ul class="list-group">
                    
                        <li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP5</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server 12 SP5</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP5</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Software Development Kit 12 SP5</li>
                    
                </ul>
            </td>
        </tr>
        </tbody>
    </table>

    <p>An update that solves four vulnerabilities, contains two features and has three security fixes can now be installed.</p>

    


    
        <h2>Description:</h2>
    
    <p>This update for pcp fixes the following issues:</p>
<p>pcp was updated from version 3.11.9 to version 6.2.0 (jsc#PED-8192, jsc#PED-8389):</p>
<ul>
<li>
<p>Security issues fixed:</p>
</li>
<li>
<p>CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp to the root user (bsc#1230552)</p>
</li>
<li>CVE-2024-45769: Fixed a heap corruption through metric pmstore operations (bsc#1230551)</li>
<li>CVE-2023-6917: Fixed local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826)</li>
<li>
<p>CVE-2024-3019: Disabled redis proxy by default (bsc#1222121)</p>
</li>
<li>
<p>Major changes:</p>
</li>
<li>
<p>Add version 3 PCP archive support: instance domain change-deltas,
    Y2038-safe timestamps, nanosecond-precision timestamps, arbitrary timezones support, 64-bit file offsets used 
    throughout for larger (beyond 2GB) individual volumes.</p>
<ul>
<li>Opt-in using the /etc/pcp.conf PCP_ARCHIVE_VERSION setting</li>
<li>Version 2 archives remain the default (for next few years).</li>
</ul>
</li>
<li>Switch to using OpenSSL only throughout PCP (dropped NSS/NSPR);
    this impacts on libpcp, PMAPI clients and PMCD use of encryption;
    these are now configured and used consistently with pmproxy HTTPS support and redis-server, which were both already
    using OpenSSL.</li>
<li>New nanosecond precision timestamp PMAPI calls for PCP library interfaces that make use of timestamps.<br />
    These are all optional, and full backward compatibility is preserved for existing tools.</li>
<li>
<p>For the full list of changes please consult the packaged CHANGELOG file</p>
</li>
<li>
<p>Other packaging changes:</p>
</li>
<li>
<p>Reintroduce libuv support for SUSE Linux Enterprise 15 (bsc#1231345)</p>
</li>
<li>Moved pmlogger_daily into main package (bsc#1222815)</li>
<li>Switched logutil and pmieutil scripts from Type=oneshot to Type=exec (bsc#1186511)</li>
<li>Change dependency from openssl-devel >= 1.1.1 to openssl-devel >= 1.0.2p.
    Required for SUSE Linux Enterprise 12.</li>
<li>Disabled &#x27;pmda-infiniband&#x27; subpackage for SUSE Linux Enterprise 12 to resolve build issues.</li>
<li>Introduce &#x27;pmda-resctrl&#x27; package, disabled for architectures other than x86_64.</li>
<li>Change the architecture for various subpackages to &#x27;noarch&#x27; as they contain no binaries.</li>
<li>Disable &#x27;pmda-mssql&#x27;, as it fails to build.</li>
</ul>



    

    <h2>Patch Instructions:</h2>
    <p>
        To install this SUSE  update use the SUSE recommended
        installation methods like YaST online_update or "zypper patch".<br/>

        Alternatively you can run the command listed for your product:
    </p>
    <ul class="list-group">
        
            <li class="list-group-item">
                SUSE Linux Enterprise Software Development Kit 12 SP5
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-3976=1</code>
                    
                    
                
            </li>
        
    </ul>

    <h2>Package List:</h2>
    <ul>
        
            
                <li>
                    SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
                    <ul>
                        
                            <li>pcp-pmda-summary-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-cisco-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-zimbra-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-shping-6.2.0-6.29.2</li>
                        
                            <li>libpcp_gui2-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>perl-PCP-LogSummary-6.2.0-6.29.2</li>
                        
                            <li>perl-PCP-LogImport-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-apache-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-apache-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-logger-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-mailq-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-nvidia-gpu-6.2.0-6.29.2</li>
                        
                            <li>perl-PCP-MMV-6.2.0-6.29.2</li>
                        
                            <li>pcp-import-collectl2pcp-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-bind2-6.2.0-6.29.2</li>
                        
                            <li>libpcp3-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-mounts-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-bash-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-summary-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>perl-PCP-LogImport-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-docker-6.2.0-6.29.2</li>
                        
                            <li>libpcp_web1-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-mounts-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-weblog-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-gfs2-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-systemd-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-roomtemp-6.2.0-6.29.2</li>
                        
                            <li>libpcp_trace2-6.2.0-6.29.2</li>
                        
                            <li>pcp-debugsource-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-lustrecomm-6.2.0-6.29.2</li>
                        
                            <li>pcp-devel-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>python3-pcp-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>libpcp3-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-logger-6.2.0-6.29.2</li>
                        
                            <li>perl-PCP-PMDA-6.2.0-6.29.2</li>
                        
                            <li>perl-PCP-PMDA-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-systemd-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-cisco-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-gfs2-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-weblog-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-trace-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-trace-6.2.0-6.29.2</li>
                        
                            <li>libpcp_mmv1-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-dm-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>perl-PCP-MMV-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-shping-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>libpcp_trace2-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-cifs-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-nvidia-gpu-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-mailq-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-docker-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-sendmail-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-system-tools-6.2.0-6.29.2</li>
                        
                            <li>libpcp_web1-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>libpcp_gui2-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-cifs-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-lustrecomm-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>libpcp_import1-6.2.0-6.29.2</li>
                        
                            <li>pcp-devel-6.2.0-6.29.2</li>
                        
                            <li>pcp-6.2.0-6.29.2</li>
                        
                            <li>pcp-import-collectl2pcp-6.2.0-6.29.2</li>
                        
                            <li>libpcp-devel-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-bash-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-sendmail-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-dm-6.2.0-6.29.2</li>
                        
                            <li>python3-pcp-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-roomtemp-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>libpcp_import1-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>libpcp_mmv1-6.2.0-6.29.2</li>
                        
                            <li>pcp-debuginfo-6.2.0-6.29.2</li>
                        
                    </ul>
                </li>
            
                <li>
                    SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch)
                    <ul>
                        
                            <li>pcp-pmda-gluster-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-unbound-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-lmsensors-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-netfilter-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-mysql-6.2.0-6.29.2</li>
                        
                            <li>pcp-doc-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-oracle-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-gpsd-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-lustre-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-nfsclient-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-bonding-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-ds389log-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-slurm-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-samba-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-ds389-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-nutcracker-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-news-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-mic-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-activemq-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-nginx-6.2.0-6.29.2</li>
                        
                            <li>pcp-import-mrtg2pcp-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-pdns-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-gpfs-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-postfix-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-memcache-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-snmp-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-elasticsearch-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-zswap-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-named-6.2.0-6.29.2</li>
                        
                            <li>pcp-export-pcp2influxdb-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-dbping-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-rsyslog-6.2.0-6.29.2</li>
                        
                            <li>pcp-import-sar2pcp-6.2.0-6.29.2</li>
                        
                            <li>pcp-import-iostat2pcp-6.2.0-6.29.2</li>
                        
                            <li>pcp-import-ganglia2pcp-6.2.0-6.29.2</li>
                        
                            <li>pcp-conf-6.2.0-6.29.2</li>
                        
                            <li>pcp-export-pcp2graphite-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-redis-6.2.0-6.29.2</li>
                        
                    </ul>
                </li>
            
                <li>
                    SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le x86_64)
                    <ul>
                        
                            <li>pcp-pmda-perfevent-debuginfo-6.2.0-6.29.2</li>
                        
                            <li>pcp-pmda-perfevent-6.2.0-6.29.2</li>
                        
                    </ul>
                </li>
            
        
    </ul>

    
        <h2>References:</h2>
        <ul>
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2023-6917.html">https://www.suse.com/security/cve/CVE-2023-6917.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2024-3019.html">https://www.suse.com/security/cve/CVE-2024-3019.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2024-45769.html">https://www.suse.com/security/cve/CVE-2024-45769.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2024-45770.html">https://www.suse.com/security/cve/CVE-2024-45770.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1186511">https://bugzilla.suse.com/show_bug.cgi?id=1186511</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1217826">https://bugzilla.suse.com/show_bug.cgi?id=1217826</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1222121">https://bugzilla.suse.com/show_bug.cgi?id=1222121</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1222815">https://bugzilla.suse.com/show_bug.cgi?id=1222815</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1230551">https://bugzilla.suse.com/show_bug.cgi?id=1230551</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1230552">https://bugzilla.suse.com/show_bug.cgi?id=1230552</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1231345">https://bugzilla.suse.com/show_bug.cgi?id=1231345</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://jira.suse.com/browse/PED-8192">https://jira.suse.com/browse/PED-8192</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://jira.suse.com/browse/PED-8389">https://jira.suse.com/browse/PED-8389</a>
                    </li>
                
            
        </ul>
    
</div>