File _patchinfo of Package patchinfo.36517
<patchinfo incident="36517">
<issue tracker="bnc" id="1230551">VUL-0: CVE-2024-45769: pcp: `pmcd` heap corruption through metric pmstore operations</issue>
<issue tracker="bnc" id="1231345">PCP 6.2 built without libuv support</issue>
<issue tracker="bnc" id="1230552">VUL-0: CVE-2024-45770: pcp: `pmpost` symlink attack allows escalating `pcp` to `root` user</issue>
<issue tracker="bnc" id="1217826">VUL-0: CVE-2023-6917: pcp: Local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy</issue>
<issue tracker="bnc" id="1222815">Performance CoPilot 6 is not starting due to missing pmlogger_daily.timer</issue>
<issue tracker="cve" id="2024-45770"/>
<issue tracker="cve" id="2024-45769"/>
<issue tracker="cve" id="2023-6917"/>
<packager>mschreiner</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for pcp</summary>
<description>This update for pcp fixes the following issues:
Upgrade to 6.2.0 (bsc#1217826 / PED#8192):
- CVE-2024-45770: Fixed symlink race (bsc#1230552).
- CVE-2024-45769: Fixed pmstore corruption (bsc#1230551).
- CVE-2023-6917: Fixed local privilege escalation from pcp user to root (bsc#1217826).
Bug fixes:
- Reintroduce libuv support for SLE >= 15 (bsc#1231345).
- Move pmlogger_daily into main package (bsc#1222815).
</description>
</patchinfo>