centos | CentOS Project | CESA-2020:3869
History: Oct 20, 2020 - 6:43 p.m.

pcp, perl, python security update

2020-10-20 18:43:13
CentOS Project
lists.centos.org
Tags: centos errata, cesa-2020, performance co-pilot, local privilege escalation, cve-2019-3695, cve-2019-3696, red hat enterprise linux 7.9, security bulletin, affected packages, upstream details

CVSS2: 7.2

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 8.4

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001

Percentile: 20.2%

CentOS Errata and Security Advisory CESA-2020:3869

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems.

Security Fix(es):

  • pcp: Local privilege escalation in pcp spec file %post section (CVE-2019-3695)

  • pcp: Local privilege escalation in pcp spec file through migrate_tempdirs (CVE-2019-3696)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2020-October/032868.html

Affected packages:
pcp
pcp-conf
pcp-devel
pcp-doc
pcp-export-pcp2elasticsearch
pcp-export-pcp2graphite
pcp-export-pcp2influxdb
pcp-export-pcp2json
pcp-export-pcp2spark
pcp-export-pcp2xml
pcp-export-pcp2zabbix
pcp-export-zabbix-agent
pcp-gui
pcp-import-collectl2pcp
pcp-import-ganglia2pcp
pcp-import-iostat2pcp
pcp-import-mrtg2pcp
pcp-import-sar2pcp
pcp-libs
pcp-libs-devel
pcp-manager
pcp-pmda-activemq
pcp-pmda-apache
pcp-pmda-bash
pcp-pmda-bcc
pcp-pmda-bind2
pcp-pmda-bonding
pcp-pmda-cifs
pcp-pmda-cisco
pcp-pmda-dbping
pcp-pmda-dm
pcp-pmda-docker
pcp-pmda-ds389
pcp-pmda-ds389log
pcp-pmda-elasticsearch
pcp-pmda-gfs2
pcp-pmda-gluster
pcp-pmda-gpfs
pcp-pmda-gpsd
pcp-pmda-haproxy
pcp-pmda-infiniband
pcp-pmda-json
pcp-pmda-libvirt
pcp-pmda-lio
pcp-pmda-lmsensors
pcp-pmda-logger
pcp-pmda-lustre
pcp-pmda-lustrecomm
pcp-pmda-mailq
pcp-pmda-memcache
pcp-pmda-mic
pcp-pmda-mounts
pcp-pmda-mysql
pcp-pmda-named
pcp-pmda-netfilter
pcp-pmda-news
pcp-pmda-nfsclient
pcp-pmda-nginx
pcp-pmda-nvidia-gpu
pcp-pmda-oracle
pcp-pmda-pdns
pcp-pmda-perfevent
pcp-pmda-postfix
pcp-pmda-postgresql
pcp-pmda-prometheus
pcp-pmda-redis
pcp-pmda-roomtemp
pcp-pmda-rpm
pcp-pmda-rsyslog
pcp-pmda-samba
pcp-pmda-sendmail
pcp-pmda-shping
pcp-pmda-slurm
pcp-pmda-smart
pcp-pmda-snmp
pcp-pmda-summary
pcp-pmda-systemd
pcp-pmda-trace
pcp-pmda-unbound
pcp-pmda-vmware
pcp-pmda-weblog
pcp-pmda-zimbra
pcp-pmda-zswap
pcp-selinux
pcp-system-tools
pcp-testsuite
pcp-webapi
pcp-webapp-blinkenlights
pcp-webapp-grafana
pcp-webapp-graphite
pcp-webapp-vector
pcp-webjs
pcp-zeroconf
perl-PCP-LogImport
perl-PCP-LogSummary
perl-PCP-MMV
perl-PCP-PMDA
python-pcp

Upstream details at:
https://access.redhat.com/errata/RHSA-2020:3869
