pcp security update

2024-06-1413:59:30

Rockylinux Product Errata

errata.rockylinux.org

pcp

rocky linux 8

cve-2024-3019

security update

cvss

remote command execution

performance co-pilot

system-level performance measurements

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.0%

JSON

An update is available for pcp.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems.

Security Fix(es):

pcp: exposure of the redis server backend allows remote command execution via pmproxy (CVE-2024-3019)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
rocky8aarch64pcp< 5.3.7-20.el8_10pcp-0:5.3.7-20.el8_10.aarch64.rpm
rocky8x86_64pcp< 5.3.7-20.el8_10pcp-0:5.3.7-20.el8_10.x86_64.rpm
rocky8aarch64pcp-conf< 5.3.7-20.el8_10pcp-conf-0:5.3.7-20.el8_10.aarch64.rpm
rocky8x86_64pcp-conf< 5.3.7-20.el8_10pcp-conf-0:5.3.7-20.el8_10.x86_64.rpm
rocky8aarch64pcp-debuginfo< 5.3.7-20.el8_10pcp-debuginfo-0:5.3.7-20.el8_10.aarch64.rpm
rocky8i686pcp-debuginfo< 5.3.7-20.el8_10pcp-debuginfo-0:5.3.7-20.el8_10.i686.rpm
rocky8x86_64pcp-debuginfo< 5.3.7-20.el8_10pcp-debuginfo-0:5.3.7-20.el8_10.x86_64.rpm
rocky8aarch64pcp-debugsource< 5.3.7-20.el8_10pcp-debugsource-0:5.3.7-20.el8_10.aarch64.rpm
rocky8i686pcp-debugsource< 5.3.7-20.el8_10pcp-debugsource-0:5.3.7-20.el8_10.i686.rpm
rocky8x86_64pcp-debugsource< 5.3.7-20.el8_10pcp-debugsource-0:5.3.7-20.el8_10.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
rocky	8	aarch64	pcp	< 5.3.7-20.el8_10	pcp-0:5.3.7-20.el8_10.aarch64.rpm
rocky	8	x86_64	pcp	< 5.3.7-20.el8_10	pcp-0:5.3.7-20.el8_10.x86_64.rpm
rocky	8	aarch64	pcp-conf	< 5.3.7-20.el8_10	pcp-conf-0:5.3.7-20.el8_10.aarch64.rpm
rocky	8	x86_64	pcp-conf	< 5.3.7-20.el8_10	pcp-conf-0:5.3.7-20.el8_10.x86_64.rpm
rocky	8	aarch64	pcp-debuginfo	< 5.3.7-20.el8_10	pcp-debuginfo-0:5.3.7-20.el8_10.aarch64.rpm
rocky	8	i686	pcp-debuginfo	< 5.3.7-20.el8_10	pcp-debuginfo-0:5.3.7-20.el8_10.i686.rpm
rocky	8	x86_64	pcp-debuginfo	< 5.3.7-20.el8_10	pcp-debuginfo-0:5.3.7-20.el8_10.x86_64.rpm
rocky	8	aarch64	pcp-debugsource	< 5.3.7-20.el8_10	pcp-debugsource-0:5.3.7-20.el8_10.aarch64.rpm
rocky	8	i686	pcp-debugsource	< 5.3.7-20.el8_10	pcp-debugsource-0:5.3.7-20.el8_10.i686.rpm
rocky	8	x86_64	pcp-debugsource	< 5.3.7-20.el8_10	pcp-debugsource-0:5.3.7-20.el8_10.x86_64.rpm