Amazon Linux 2 Security Advisory: ALAS-2024-2551
Advisory Release Date: 2024-05-23 22:04 Pacific
Advisory Updated Date: 2024-05-29 12:00 Pacific
Severity:
Low
Issue Overview:
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. (CVE-2024-2314)
Affected Packages:
bcc
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update bcc to update your system.
New Packages:
aarch64:
bcc-0.24.0-3.amzn2.0.5.aarch64
bcc-devel-0.24.0-3.amzn2.0.5.aarch64
bcc-tools-0.24.0-3.amzn2.0.5.aarch64
libbpf-tools-0.24.0-3.amzn2.0.5.aarch64
bcc-debuginfo-0.24.0-3.amzn2.0.5.aarch64
noarch:
bcc-doc-0.24.0-3.amzn2.0.5.noarch
python3-bcc-0.24.0-3.amzn2.0.5.noarch
src:
bcc-0.24.0-3.amzn2.0.5.src
x86_64:
bcc-0.24.0-3.amzn2.0.5.x86_64
bcc-devel-0.24.0-3.amzn2.0.5.x86_64
bcc-tools-0.24.0-3.amzn2.0.5.x86_64
libbpf-tools-0.24.0-3.amzn2.0.5.x86_64
bcc-debuginfo-0.24.0-3.amzn2.0.5.x86_64