AXSA:2019-4120:01

リリース日: 
2019/08/20 Tuesday - 01:42
題名: 
blktrace-1.0.5-9.el7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

The blktrace packages contain a number of utilities to record the I/O trace information for the kernel to user space, and utilities to analyze and view the trace information.

Security Fix(es):

* blktrace: buffer overflow in the dev_map_read function in btt/devmap.c (CVE-2018-10689)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.7 Release Notes linked from the References section.

CVE-2018-10689
blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.

解決策: 

Update packages.

追加情報: 

N/A

ダウンロード: 

SRPMS
1. blktrace-1.0.5-9.el7.src.rpm
md5sum: 573b316adf05a351b1c8aa3dfc9443f9
sha256sum: be12da8d49db09ae5d400c9c90e6a7c78f91f6cc48ef06f1c1cc289283cb6417
Size: 364 Kb

Asianux Server 7.0 for x86_64
1. blktrace-1.0.5-9.el7.x86_64.rpm
md5sum: 6c66fa2cfb1a632ec07810e1ed6f9fa4
sha256sum: f4be542ed889293a92823b5d3213f193a0a594cf1b16961ffc8511d0d8093440
Size: 133 Kb
Copyright© 2007-2015 Asianux. All rights reserved.