[SECURITY] Fedora 16 Update: pcp-3.6.5-1.fc16

updates at fedoraproject.org updates at fedoraproject.org
Mon Aug 20 10:55:01 UTC 2012


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12024
2012-08-17 05:21:08
--------------------------------------------------------------------------------

Name        : pcp
Product     : Fedora 16
Version     : 3.6.5
Release     : 1.fc16
URL         : http://oss.sgi.com/projects/pcp
Summary     : System-level performance monitoring and performance management
Description :
Performance Co-Pilot (PCP) provides a framework and services to support
system-level performance monitoring and performance management.

The PCP open source release provides a unifying abstraction for all of
the interesting performance data in a system, and allows client
applications to easily retrieve and process any subset of that data.

--------------------------------------------------------------------------------
Update Information:

Security and bugfix update. Security flaws fixed include CVE-2012-3418 CVE-2012-3419 CVE-2012-3420 and CVE-2012-3421
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 16 2012 Mark Goodwin <mgoodwin at redhat.com> - 3.6.5-1
- Update to latest PCP sources, see installed CHANGELOG for details.
- Fix security flaws: CVE-2012-3418 CVE-2012-3419 CVE-2012-3420 and CVE-2012-3421 (BZ 848629)
* Thu Jul 19 2012 Mark Goodwin <mgoodwin at redhat.com>
- pmcd and pmlogger services are not supposed to be enabled by default (BZ 840763) - 3.6.3-1.3
* Thu Jun 21 2012 Mark Goodwin <mgoodwin at redhat.com>
- remove pcp-import-sheet2pcp subpackage due to missing deps (BZ 830923) - 3.6.3-1.2
* Fri May 18 2012 Dan HorĂ¡k <dan[at]danny.cz> - 3.6.3-1.1
- fix build on s390x
* Mon Apr 30 2012 Mark Goodwin - 3.6.3-1
- Update to latest PCP sources
* Thu Apr 26 2012 Mark Goodwin - 3.6.2-1
- Update to latest PCP sources
* Thu Apr 12 2012 Mark Goodwin - 3.6.1-1
- Update to latest PCP sources
* Thu Mar 22 2012 Mark Goodwin - 3.6.0-1
- use 
  CFLAGS="${CFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4  -m64 -mtune=generic}" ; export CFLAGS ; 
  CXXFLAGS="${CXXFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4  -m64 -mtune=generic}" ; export CXXFLAGS ; 
  FFLAGS="${FFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4  -m64 -mtune=generic -I/usr/lib64/gfortran/modules}" ; export FFLAGS ; 
  LDFLAGS="${LDFLAGS:--Wl,-z,relro }"; export LDFLAGS; 
  ./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu \
	--program-prefix= \
	--disable-dependency-tracking \
	--prefix=/usr \
	--exec-prefix=/usr \
	--bindir=/usr/bin \
	--sbindir=/usr/sbin \
	--sysconfdir=/etc \
	--datadir=/usr/share \
	--includedir=/usr/include \
	--libdir=/usr/lib64 \
	--libexecdir=/usr/libexec \
	--localstatedir=/var \
	--sharedstatedir=/var/lib \
	--mandir=/usr/share/man \
	--infodir=/usr/share/info macro for correct libdir logic
- update to latest PCP sources
* Thu Dec 15 2011 Mark Goodwin - 3.5.11-2
- patched configure.in for libdir=/usr/lib64 on ppc64
* Thu Dec  1 2011 Mark Goodwin - 3.5.11-1
- Update to latest PCP sources.
* Fri Nov  4 2011 Mark Goodwin - 3.5.10-1
- Update to latest PCP sources.
* Mon Oct 24 2011 Mark Goodwin - 3.5.9-1
- Update to latest PCP sources.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #841698 - CVE-2012-3418 pcp: multiple integer and heap-based buffer overflow flaws
        https://bugzilla.redhat.com/show_bug.cgi?id=841698
  [ 2 ] Bug #841702 - CVE-2012-3419 pcp: privileged information diclosure flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=841702
  [ 3 ] Bug #841704 - CVE-2012-3420 pcp: two memory leaks can lead to pcmd crash or trigger OOM killer
        https://bugzilla.redhat.com/show_bug.cgi?id=841704
  [ 4 ] Bug #841706 - CVE-2012-3421 pcp: event-driven programming flaw blocks pmcd from responding to other legitimate requests
        https://bugzilla.redhat.com/show_bug.cgi?id=841706
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update pcp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list