ALAS2-2019-1320


Amazon Linux 2 Security Advisory: ALAS-2019-1320
Advisory Release Date: 2019-10-21 18:01 Pacific
Advisory Updated Date: 2019-10-23 23:25 Pacific
Severity: Low
References: CVE-2018-10689 

Issue Overview:

blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.(CVE-2018-10689)


Affected Packages:

blktrace


Issue Correction:
Run yum update blktrace to update your system.

New Packages:
aarch64:
    blktrace-1.0.5-9.amzn2.aarch64
    blktrace-debuginfo-1.0.5-9.amzn2.aarch64

i686:
    blktrace-1.0.5-9.amzn2.i686
    blktrace-debuginfo-1.0.5-9.amzn2.i686

src:
    blktrace-1.0.5-9.amzn2.src

x86_64:
    blktrace-1.0.5-9.amzn2.x86_64
    blktrace-debuginfo-1.0.5-9.amzn2.x86_64