CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile: 20.2%
CentOS Errata and Security Advisory CESA-2020:3869
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems.
Security Fix(es):
pcp: Local privilege escalation in pcp spec file %post section (CVE-2019-3695)
pcp: Local privilege escalation in pcp spec file through migrate_tempdirs (CVE-2019-3696)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2020-October/032868.html
Affected packages:
pcp
pcp-conf
pcp-devel
pcp-doc
pcp-export-pcp2elasticsearch
pcp-export-pcp2graphite
pcp-export-pcp2influxdb
pcp-export-pcp2json
pcp-export-pcp2spark
pcp-export-pcp2xml
pcp-export-pcp2zabbix
pcp-export-zabbix-agent
pcp-gui
pcp-import-collectl2pcp
pcp-import-ganglia2pcp
pcp-import-iostat2pcp
pcp-import-mrtg2pcp
pcp-import-sar2pcp
pcp-libs
pcp-libs-devel
pcp-manager
pcp-pmda-activemq
pcp-pmda-apache
pcp-pmda-bash
pcp-pmda-bcc
pcp-pmda-bind2
pcp-pmda-bonding
pcp-pmda-cifs
pcp-pmda-cisco
pcp-pmda-dbping
pcp-pmda-dm
pcp-pmda-docker
pcp-pmda-ds389
pcp-pmda-ds389log
pcp-pmda-elasticsearch
pcp-pmda-gfs2
pcp-pmda-gluster
pcp-pmda-gpfs
pcp-pmda-gpsd
pcp-pmda-haproxy
pcp-pmda-infiniband
pcp-pmda-json
pcp-pmda-libvirt
pcp-pmda-lio
pcp-pmda-lmsensors
pcp-pmda-logger
pcp-pmda-lustre
pcp-pmda-lustrecomm
pcp-pmda-mailq
pcp-pmda-memcache
pcp-pmda-mic
pcp-pmda-mounts
pcp-pmda-mysql
pcp-pmda-named
pcp-pmda-netfilter
pcp-pmda-news
pcp-pmda-nfsclient
pcp-pmda-nginx
pcp-pmda-nvidia-gpu
pcp-pmda-oracle
pcp-pmda-pdns
pcp-pmda-perfevent
pcp-pmda-postfix
pcp-pmda-postgresql
pcp-pmda-prometheus
pcp-pmda-redis
pcp-pmda-roomtemp
pcp-pmda-rpm
pcp-pmda-rsyslog
pcp-pmda-samba
pcp-pmda-sendmail
pcp-pmda-shping
pcp-pmda-slurm
pcp-pmda-smart
pcp-pmda-snmp
pcp-pmda-summary
pcp-pmda-systemd
pcp-pmda-trace
pcp-pmda-unbound
pcp-pmda-vmware
pcp-pmda-weblog
pcp-pmda-zimbra
pcp-pmda-zswap
pcp-selinux
pcp-system-tools
pcp-testsuite
pcp-webapi
pcp-webapp-blinkenlights
pcp-webapp-grafana
pcp-webapp-graphite
pcp-webapp-vector
pcp-webjs
pcp-zeroconf
perl-PCP-LogImport
perl-PCP-LogSummary
perl-PCP-MMV
perl-PCP-PMDA
python-pcp
Upstream details at:
https://access.redhat.com/errata/RHSA-2020:3869
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | x86_64 | pcp | < 4.3.2-12.el7 | pcp-4.3.2-12.el7.x86_64.rpm |
CentOS | 7 | x86_64 | pcp-conf | < 4.3.2-12.el7 | pcp-conf-4.3.2-12.el7.x86_64.rpm |
CentOS | 7 | i686 | pcp-devel | < 4.3.2-12.el7 | pcp-devel-4.3.2-12.el7.i686.rpm |
CentOS | 7 | x86_64 | pcp-devel | < 4.3.2-12.el7 | pcp-devel-4.3.2-12.el7.x86_64.rpm |
CentOS | 7 | noarch | pcp-doc | < 4.3.2-12.el7 | pcp-doc-4.3.2-12.el7.noarch.rpm |
CentOS | 7 | x86_64 | pcp-export-pcp2elasticsearch | < 4.3.2-12.el7 | pcp-export-pcp2elasticsearch-4.3.2-12.el7.x86_64.rpm |
CentOS | 7 | x86_64 | pcp-export-pcp2graphite | < 4.3.2-12.el7 | pcp-export-pcp2graphite-4.3.2-12.el7.x86_64.rpm |
CentOS | 7 | x86_64 | pcp-export-pcp2influxdb | < 4.3.2-12.el7 | pcp-export-pcp2influxdb-4.3.2-12.el7.x86_64.rpm |
CentOS | 7 | x86_64 | pcp-export-pcp2json | < 4.3.2-12.el7 | pcp-export-pcp2json-4.3.2-12.el7.x86_64.rpm |
CentOS | 7 | x86_64 | pcp-export-pcp2spark | < 4.3.2-12.el7 | pcp-export-pcp2spark-4.3.2-12.el7.x86_64.rpm |