Fix CVE-2024-3019
(cherry picked from commit 1443bbc845b7065c4df4324bb9fb263fa3a74484)
parent 4650371c53
commit 30a64932e8
31
CVE-2024-3019.patch
Normal file
@ -0,0 +1,31 @@
From 3bde240a2acc85e63e2f7813330713dd9b59386e Mon Sep 17 00:00:00 2001
From: Nathan Scott <nathans@redhat.com>
Date: Wed, 27 Mar 2024 14:51:28 +1100
Subject: [PATCH] pmproxy: disable Redis protocol proxying by default
origin: https://github.com/performancecopilot/pcp/commit/3bde240a2acc85e63e2f7813330713dd9b59386e
If a redis-server has been locked down in terms of connections,
we want to prevent pmproxy from being allowed to send arbitrary
RESP commands to it.
This protocol proxying doesn't affect PCP functionality at all,
its more of a developer/sysadmin convenience when Redis used in
cluster mode (relatively uncommon compared to localhost mode).
---
src/pmproxy/pmproxy.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pmproxy/pmproxy.conf b/src/pmproxy/pmproxy.conf
index e54891792e..4cbc1c96af 100644
--- a/src/pmproxy/pmproxy.conf
+++ b/src/pmproxy/pmproxy.conf
@@ -29,7 +29,7 @@ pcp.enabled = true
http.enabled = true
# support Redis protocol proxying
-redis.enabled = true
+redis.enabled = false
# support SSL/TLS protocol wrapping
secure.enabled = true
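Review bot: the comment directly above the changed setting, `# support Redis protocol proxying`, still reads as if proxying were on, but the line below it now becomes `+redis.enabled = false`; extend the comment to say why it is off by default and how to turn it back on, e.g. `# support Redis protocol proxying (off by default; enable only if pmproxy must forward RESP commands to a redis-server)`. Note also that this hunk changes only the shipped default: any host whose existing pmproxy.conf is preserved across the upgrade keeps `redis.enabled = true`, so administrators need to be told to check the deployed file, not just the package default.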
6
pcp.spec
@ -55,12 +55,13 @@
Name: pcp
Version: 5.3.7
Summary: System-level performance monitoring and performance management
Release: 3
Release: 4
License: GPL-2.0-or-later and LGPL-2.0-or-later and CC-BY-SA-3.0
URL: https://pcp.io
Source0: https://github.com/performancecopilot/pcp/archive/refs/tags/%{version}.tar.gz
#Refer: https://github.com/performancecopilot/pcp/pull/822
Patch0: fix-out-of-range-mpstat.patch
Patch1: CVE-2024-3019.patch
BuildRequires: make
BuildRequires: gcc gcc-c++
BuildRequires: procps autoconf bison flex
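Review bot: the new `Patch1: CVE-2024-3019.patch` line has no origin comment, while the existing Patch0 carries `#Refer: https://github.com/performancecopilot/pcp/pull/822`; add a matching `#Refer:` line above Patch1 pointing at the upstream commit recorded in the patch header (https://github.com/performancecopilot/pcp/commit/3bde240a2acc85e63e2f7813330713dd9b59386e) so the fix is traceable from the spec alone. Also confirm that %prep actually applies the new patch (`%autosetup -p1`, or an explicit `%patch1 -p1` if patches are applied one by one); %prep is not part of this diff, and a Patch line that is declared but never applied builds silently without the fix.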
@ -1932,6 +1933,9 @@ systemctl condrestart pmproxy.service >/dev/null 2>&1
%changelog
* Fri Mar 29 2024 wangkai <13474090681@163.com> - 5.3.7-4
- Fix CVE-2024-3019
* Mon Feb 13 2023 wangkai <wangkai385@h-partners.com> - 5.3.7-3
- Fix out of range in pcp-mpstat
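Review bot: the new changelog line `- Fix CVE-2024-3019` says nothing about what changes for users; since the patch flips the pmproxy default `redis.enabled` from true to false, say so here (e.g. `- Fix CVE-2024-3019: disable Redis protocol proxying in pmproxy by default`) so administrators who rely on RESP proxying know to re-enable it after upgrading. The entry's date and version (Fri Mar 29 2024, 5.3.7-4) are consistent with the Release bump from 3 to 4 in the earlier hunk.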