PT-2020-2767 · Suse+3 · Suse Linux Enterprise High Performance Computing 15-Ltss+13
Johannes Segitz · Published 2019-10-14 · Updated 2024-06-15 · CVE-2019-3695
CVSS v3.1: 8.4 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1
SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1
SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1
SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1
SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1
SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1
SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1
openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1
Description
An Improper Control of Generation of Code vulnerability in the packaging of pcp allows a user to run code as root by placing it into /var/log/pcp/configs.sh. This vulnerability can be exploited to execute arbitrary code.
Recommendations
For SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1, update to version 3.11.9-5.8.1 or later.
For SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1, update to version 3.11.9-5.8.1 or later.
For SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1, update to version 3.11.9-5.8.1 or later.
For SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3, update to version 4.3.1-3.5.3 or later.
For SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1, update to version 3.11.9-5.8.1 or later.
For SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1, update to version 3.11.9-5.8.1 or later.
For SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1, update to version 3.11.9-5.8.1 or later.
For SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1, update to version 3.11.9-6.14.1 or later.
For SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1, update to version 3.11.9-6.14.1 or later.
For openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1, update to version 4.3.1-lp151.2.3.1 or later.
Weakness Enumeration
Code Injection
Affected Products
CentOS
Red Hat
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Module for Development Tools 15
SUSE Linux Enterprise Module for Development Tools 15-SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Software Development Kit 12-SP4
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE
openSUSE Leap 15.1
pcp