   SUSE Security Update: Security update for pcp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0190-1
Rating:             important
References:         #732763 #775009 #775010 #775011 #775013 #782967
Cross-References:   CVE-2012-3418 CVE-2012-3419 CVE-2012-3420 CVE-2012-3421
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves four vulnerabilities and has two fixes is now
   available. It includes two new package versions.

Description:

   pcp was updated to version 3.6.10 which fixes security issues and also
   brings a lot of new features.

   * Update to pcp-3.6.10.
      o Transition daemons to run under an unprivileged account.
      o Fixes for security advisory CVE-2012-5530: tmpfile flaws;
        (bnc#782967).
      o Fix pcp(1) command short-form pmlogger reporting.
      o Fix pmdalogger error handling for directory files.
      o Fix pmstat handling of odd corner case in CPU metrics.
      o Correct the python ctype used for pmAtomValue 32bit ints.
      o Add missing RPM spec dependency for python-ctypes.
      o Corrections to pmdamysql metrics units.
      o Add pmdamysql slave status metrics.
      o Improve pmcollectl error messages.
      o Parameterize pmcollectl CPU counts in interrupt subsys.
      o Fix generic RPM packaging for powerpc builds.
      o Fix python API use of reentrant libpcp string routines.
      o Python code backporting for RHEL5 in qa and pmcollectl.
      o Fix edge cases in capturing interrupt error counts.

   * Update to pcp-3.6.9.
      o Python wrapper for the pmimport API
      o Make sar2pcp work with the sysstat versions from RHEL5, RHEL6, and
        all recent Fedora versions (which is almost all current versions of
        sysstat verified).
      o Added a number of additional metrics into the importer for people
        starting to use it to analyse sar data from real customer incidents.
      o Rework use of C99 "restrict" keyword in pmdalogger (Debian bug:
        689552)
      o A lot of work on the PCP QA suite, special thanks to Tomas Dohnalek
        for all his efforts there.
      o Win32 build updates
      o Add "raw" disk active metrics so that existing tools like iostat can
        be emulated
      o Allow sar2pcp to accept XML input directly (.xml suffix), allowing it
        to not have to run on the same platform as the sadc/sadf that
        originally generated it.
      o Add PMI error codes into the PCP::LogImport perl module.
      o Fix a typo in pmiUnits man page synopsis section
      o Resolve pmdalinux ordering issue in NUMA/CPU indom setup (Redhat bug:
        858384)
      o Remove unused pmcollectl imports (Redhat bug: 863210)
      o Allow event traces to be used in libpcp interpolate mode

   * Update to pcp-3.6.8.
      o Corrects the disk/partition identification for the MMC driver, which
        makes disk indom handling correct on the Raspberry Pi
        (http://www.raspberrypi.org/)
      o Several minor/basic fixes for pmdaoracle.
      o Improve pmcollectl compatibility.
      o Make a few clarifications to pmcollectl.1.
      o Improve python API test coverage.
      o Numerous updates to the test suite in general.
      o Allow pmda Install scripts to specify own dso name again.
      o Reconcile spec file differences between PCP flavours.
      o Fix handling of multiple contexts with a remote namespace.
      o Core socket interface abstractions to support NSS (later).
      o Fix man page SYNOPSIS section for pmUnpackEventRecords.
      o Add --disable-shared build option for static builds.

   * Update to pcp-3.6.6.
      o Added the python PMAPI bindings and an initial python client in
        pmcollectl. Separate, new package exists for python libs for those
        platforms that split out packages (rpm, deb).
      o Added a pcp-testsuite package for those platforms that might want
        this (rpm, deb again, mainly)
      o Re-introduced the pcp/qa subdirectory in pcp and deprecated the
        external pcpqa git tree.
      o Fix potential buffer overflow in pmlogger host name handling.
      o Reworked the configure --prefix handling to be more like the rest of
        the open source world.
      o Ensure the __pmDecodeText ident parameter is always set. Resolves
        Red Hat bugzilla bug #841306.

   Security Issue references:

   * CVE-2012-3418
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3418>
   * CVE-2012-3419
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3419>
   * CVE-2012-3420
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3420>
   * CVE-2012-3421
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3421>

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-libpcp3-7221

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-libpcp3-7221

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-libpcp3-7221

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-libpcp3-7221

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.6.10]:

      libpcp3-3.6.10-0.3.1
      pcp-3.6.10-0.3.1
      pcp-devel-3.6.10-0.3.1
      pcp-import-iostat2pcp-3.6.10-0.3.1
      pcp-import-mrtg2pcp-3.6.10-0.3.1
      pcp-import-sar2pcp-3.6.10-0.3.1
      pcp-import-sheet2pcp-3.6.10-0.3.1
      perl-PCP-LogImport-3.6.10-0.3.1
      perl-PCP-LogSummary-3.6.10-0.3.1
      perl-PCP-MMV-3.6.10-0.3.1
      perl-PCP-PMDA-3.6.10-0.3.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 2013.1.7]:

      permissions-2013.1.7-0.3.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2013.1.7]:

      permissions-2013.1.7-0.3.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 2013.1.7 and 3.6.10]:

      libpcp3-3.6.10-0.5.1
      pcp-3.6.10-0.5.1
      pcp-import-iostat2pcp-3.6.10-0.5.1
      pcp-import-mrtg2pcp-3.6.10-0.5.1
      pcp-import-sar2pcp-3.6.10-0.5.1
      pcp-import-sheet2pcp-3.6.10-0.5.1
      perl-PCP-LogImport-3.6.10-0.5.1
      perl-PCP-LogSummary-3.6.10-0.5.1
      perl-PCP-MMV-3.6.10-0.5.1
      perl-PCP-PMDA-3.6.10-0.5.1
      permissions-2013.1.7-0.5.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 2013.1.7]:

      permissions-2013.1.7-0.3.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 2013.1.7]:

      permissions-2013.1.7-0.5.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.6.10]:

      libpcp3-3.6.10-0.5.1
      pcp-3.6.10-0.5.1
      pcp-devel-3.6.10-0.5.1
      pcp-import-iostat2pcp-3.6.10-0.5.1
      pcp-import-mrtg2pcp-3.6.10-0.5.1
      pcp-import-sar2pcp-3.6.10-0.5.1
      pcp-import-sheet2pcp-3.6.10-0.5.1
      perl-PCP-LogImport-3.6.10-0.5.1
      perl-PCP-LogSummary-3.6.10-0.5.1
      perl-PCP-MMV-3.6.10-0.5.1
      perl-PCP-PMDA-3.6.10-0.5.1

References:

   http://support.novell.com/security/cve/CVE-2012-3418.html
   http://support.novell.com/security/cve/CVE-2012-3419.html
   http://support.novell.com/security/cve/CVE-2012-3420.html
   http://support.novell.com/security/cve/CVE-2012-3421.html
   https://bugzilla.novell.com/732763
   https://bugzilla.novell.com/775009
   https://bugzilla.novell.com/775010
   https://bugzilla.novell.com/775011
   https://bugzilla.novell.com/775013
   https://bugzilla.novell.com/782967
   http://download.novell.com/patch/finder/?keywords=51012200090dff3a8a3a0cbcae...
   http://download.novell.com/patch/finder/?keywords=86d59a2714828a99a56a3fdba3...