摘要:
pcp security update
安全等级: High
公告ID: KylinSec-SA-2024-1522
发布日期: 2024年4月12日
关联CVE: CVE-2024-3019
PCP provides a range of services that may be used to monitor and manage system performance. These services are distributed and scalable to accommodate the most complex system configurations and performance problems.
Security Fix(es):
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.(CVE-2024-3019)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2024-3019 | KY3.5.2 | pcp | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| pcp-help | noarch | 5.3.7-4.ky3_5.kb1 |
| pcp-export-pcp2spark | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-selinux | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-lustre | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-libvirt | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-export-pcp2graphite | x86_64 | 5.3.7-4.ky3_5.kb1 |
| perl-PCP-LogSummary | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-named | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-openmetrics | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-export-pcp2json | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-bash | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-samba | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-dm | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-infiniband | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-dbping | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-docker | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-rsyslog | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-bind2 | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-oracle | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-news | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-hacluster | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-bpftrace | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-activemq | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-lmsensors | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-mssql | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-import-iostat2pcp | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-podman | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-devel | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-mic | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-cisco | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-elasticsearch | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-summary | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-import-ganglia2pcp | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-systemd | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-postfix | x86_64 | 5.3.7-4.ky3_5.kb1 |
| perl-PCP-MMV | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-openvswitch | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-import-sar2pcp | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-perfevent | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-gluster | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-export-pcp2xml | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-conf | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-apache | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-mounts | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-export-pcp2elasticsearch | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-smart | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-nvidia-gpu | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-nutcracker | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-ds389 | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-cifs | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-zimbra | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-bcc | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-nfsclient | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-logger | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-slurm | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-sockets | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-export-zabbix-agent | x86_64 | 5.3.7-4.ky3_5.kb1 |
| perl-PCP-PMDA | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-json | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-system-tools | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-gpsd | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-export-pcp2zabbix | x86_64 | 5.3.7-4.ky3_5.kb1 |
| perl-PCP-LogImport | x86_64 | 5.3.7-4.ky3_5.kb1 |
| python3-pcp | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-mysql | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-netfilter | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-bonding | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-postgresql | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-shping | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-zswap | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-mongodb | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-import-mrtg2pcp | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-gui | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-snmp | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-unbound | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-gfs2 | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-bpf | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-memcache | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-weblog | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-trace | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-ds389log | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-mailq | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-lio | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-gpfs | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-import-collectl2pcp | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-pdns | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-sendmail | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-lustrecomm | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-export-pcp2influxdb | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-haproxy | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-rabbitmq | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-nginx | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-roomtemp | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-redis | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-netcheck | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-zeroconf | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-denki | x86_64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-activemq | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-zimbra | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-infiniband | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-export-zabbix-agent | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-gfs2 | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-export-pcp2json | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-import-collectl2pcp | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-cifs | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-mounts | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-bpftrace | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-sendmail | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-import-sar2pcp | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-bpf | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-export-pcp2graphite | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-gpsd | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-dbping | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-lustrecomm | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-openmetrics | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-zeroconf | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-ds389log | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-apache | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-cisco | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-export-pcp2influxdb | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-oracle | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-hacluster | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-shping | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-mysql | aarch64 | 5.3.7-4.ky3_5.kb1 |
| perl-PCP-LogSummary | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-rabbitmq | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-import-iostat2pcp | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-roomtemp | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-import-mrtg2pcp | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-mongodb | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-import-ganglia2pcp | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-export-pcp2zabbix | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-devel | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-export-pcp2spark | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-podman | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-json | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-haproxy | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-trace | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-redis | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-libvirt | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-system-tools | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-nfsclient | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-export-pcp2xml | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-weblog | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-systemd | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-lio | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-news | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-mic | aarch64 | 5.3.7-4.ky3_5.kb1 |
| perl-PCP-PMDA | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-postgresql | aarch64 | 5.3.7-4.ky3_5.kb1 |
| perl-PCP-MMV | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-export-pcp2elasticsearch | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-gui | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-zswap | aarch64 | 5.3.7-4.ky3_5.kb1 |
| python3-pcp | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-lmsensors | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-selinux | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-postfix | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-pdns | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-summary | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-nutcracker | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-rsyslog | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-slurm | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-gluster | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-docker | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-gpfs | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-conf | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-bonding | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-elasticsearch | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-mailq | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-netfilter | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-perfevent | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-samba | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-sockets | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-netcheck | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-dm | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-ds389 | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-snmp | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-logger | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-nvidia-gpu | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-named | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-bind2 | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-lustre | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-openvswitch | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-nginx | aarch64 | 5.3.7-4.ky3_5.kb1 |
| perl-PCP-LogImport | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-bash | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-memcache | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-smart | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-denki | aarch64 | 5.3.7-4.ky3_5.kb1 |
| pcp-pmda-unbound | aarch64 | 5.3.7-4.ky3_5.kb1 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
