pcp: pmcd network daemon review (SUSE Security Team Blog)

by
jzb
from LWN.net on (#6QWRF)

The SUSE Security Team Blog has a detailed review of the Performance Co-Pilot (PCP) 6.2.1 release:

The rather complex PCP software suite was difficult to judge just froma cursory look, so we decided to take a closer look especially atPCP's networking logic at a later time. This report contains two CVEsand some non-CVE related findings we also gathered during thefollow-up review.

CVE-2024-45769,a flaw that could allow an attacker to send crafted data to crashpcmd, and CVE-2024-45770,which could allow a full local root exploit from the pcp user to root,have been addressed in the 6.3.1release of PCP.

External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments