• pcp: pmcd network daemon review (SUSE Security Team Blog)

    From LWN.net@1337:1/100 to All on Friday, September 20, 2024 19:15:04
    pcp: pmcd network daemon review (SUSE Security Team Blog)

    Date:
    Fri, 20 Sep 2024 18:05:14 +0000

    Description:
    The SUSE Security Team Blog has a detailed review of the Performance Co-Pilot (PCP) 6.2.1 release : The rather complex PCP software suite was difficult to judge just from
    a cursory look, so we decided to take a closer look especially at
    PCP's networking logic at a later time. This report contains two CVEs
    and some non-CVE related findings we also gathered during the
    follow-up review. CVE-2024-45769 ,
    a flaw that could allow an attacker to send crafted data to crash pcmd , and CVE-2024-45770 ,
    which could allow a full local root exploit from the pcp user to root,
    have been addressed in the 6.3.1 release of PCP.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/991091/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)