Detections
Analytics

SuSE 11.2 Security Update : pcp (SAT Patch Number 7221)

medium Nessus Plugin ID 64188

Language:

Synopsis

The remote SuSE 11 host is missing a security update.

Description

pcp was updated to version 3.6.10 which fixes security issues and also brings a lot of new features.

 - Update to pcp-3.6.10.

 - Transition daemons to run under an unprivileged account.

 - Fixes for security advisory CVE-2012-5530: tmpfile flaws;. (bnc#782967)

 - Fix pcp(1) command short-form pmlogger reporting.

 - Fix pmdalogger error handling for directory files.

 - Fix pmstat handling of odd corner case in CPU metrics.

 - Correct the python ctype used for pmAtomValue 32bit ints.

 - Add missing RPM spec dependency for python-ctypes.

 - Corrections to pmdamysql metrics units.

 - Add pmdamysql slave status metrics.

 - Improve pmcollectl error messages.

 - Parameterize pmcollectl CPU counts in interrupt subsys.

 - Fix generic RPM packaging for powerpc builds.

 - Fix python API use of reentrant libpcp string routines.

 - Python code backporting for RHEL5 in qa and pmcollectl.

 - Fix edge cases in capturing interrupt error counts.

 - Update to pcp-3.6.9.

 - Python wrapper for the pmimport API

 - Make sar2pcp work with the sysstat versions from RHEL5, RHEL6, and all recent Fedora versions (which is almost all current versions of sysstat verified).

 - Added a number of additional metrics into the importer for people starting to use it to analyse sar data from real customer incidents.

 - Rework use of C99 'restrict' keyword in pmdalogger (Debian bug: 689552)

 - Alot of work on the PCP QA suite, special thanks to Tomas Dohnalek for all his efforts there.

 - Win32 build updates

 - Add 'raw' disk active metrics so that existing tools like iostat can be emulated

 - Allow sar2pcp to accept XML input directly (.xml suffix), allowing it to not have to run on the same platform as the sadc/sadf that originally generated it.

 - Add PMI error codes into the PCP::LogImport perl module.

 - Fix a typo in pmiUnits man page synopsis section

 - Resolve pmdalinux ordering issue in NUMA/CPU indom setup (Redhat bug: 858384)

 - Remove unused pmcollectl imports (Redhat bug: 863210)

 - Allow event traces to be used in libpcp interpolate mode

 - Update to pcp-3.6.8.

 - Corrects the disk/partition identification for the MMC driver, which makes disk indom handling correct on the Raspberry Pi (http://www.raspberrypi.org/)

 - Several minor/basic fixes for pmdaoracle.

 - Improve pmcollectl compatibility.

 - Make a few clarifications to pmcollectl.1.

 - Improve python API test coverage.

 - Numerous updates to the test suite in general.

 - Allow pmda Install scripts to specify own dso name again.

 - Reconcile spec file differences between PCP flavours.

 - Fix handling of multiple contexts with a remote namespace.

 - Core socket interface abstractions to support NSS (later).

 - Fix man page SYNOPSIS section for pmUnpackEventRecords.

 - Add --disable-shared build option for static builds.

 - Update to pcp-3.6.6.

 - Added the python PMAPI bindings and an initial python client in pmcollectl. Separate, new package exists for python libs for those platforms that split out packages (rpm, deb).

 - Added a pcp-testsuite package for those platforms that might want this (rpm, deb again, mainly)

 - Re-introduced the pcp/qa subdirectory in pcp and deprecated the external pcpqa git tree.

 - Fix potential buffer overflow in pmlogger host name handling.

 - Reworked the configure --prefix handling to be more like the rest of the open source world.

 - Ensure the __pmDecodeText ident parameter is always set Resolves Red Hat bugzilla bug #841306.

Solution

Apply SAT patch number 7221.

See Also

http://support.novell.com/security/cve/CVE-2012-3419.html

http://support.novell.com/security/cve/CVE-2012-3420.html

http://support.novell.com/security/cve/CVE-2012-3421.html

http://support.novell.com/security/cve/CVE-2012-5530.html

https://bugzilla.novell.com/show_bug.cgi?id=732763

https://bugzilla.novell.com/show_bug.cgi?id=775009

https://bugzilla.novell.com/show_bug.cgi?id=775010

https://bugzilla.novell.com/show_bug.cgi?id=775011

https://bugzilla.novell.com/show_bug.cgi?id=775013

https://bugzilla.novell.com/show_bug.cgi?id=782967

http://support.novell.com/security/cve/CVE-2012-3418.html

Plugin Details

Severity: Medium

ID: 64188

File Name: suse_11_libpcp3-130107.nasl

Version: 1.4

Type: local

Agent: unix

Published: 1/25/2013

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:permissions

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 1/7/2013

Reference Information

CVE: CVE-2012-3418, CVE-2012-3419, CVE-2012-3420, CVE-2012-3421, CVE-2012-5530