Amazon Linux 2023 Security Advisory: ALAS-2024-626
Advisory Release Date: 2024-05-23 21:49 Pacific
Advisory Updated Date: 2024-05-28 22:46 Pacific
Severity:
Low
Issue Overview:
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. (CVE-2024-2314)
Affected Packages:
bcc
Issue Correction:
Run dnf update bcc --releasever 2023.4.20240528 to update your system.
New Packages:
aarch64:
bcc-debuginfo-0.26.0-1.amzn2023.0.2.aarch64
libbpf-tools-0.26.0-1.amzn2023.0.2.aarch64
bcc-devel-0.26.0-1.amzn2023.0.2.aarch64
bcc-debugsource-0.26.0-1.amzn2023.0.2.aarch64
libbpf-tools-debuginfo-0.26.0-1.amzn2023.0.2.aarch64
bcc-tools-debuginfo-0.26.0-1.amzn2023.0.2.aarch64
bcc-0.26.0-1.amzn2023.0.2.aarch64
bcc-tools-0.26.0-1.amzn2023.0.2.aarch64
noarch:
bcc-doc-0.26.0-1.amzn2023.0.2.noarch
python3-bcc-0.26.0-1.amzn2023.0.2.noarch
src:
bcc-0.26.0-1.amzn2023.0.2.src
x86_64:
bcc-debuginfo-0.26.0-1.amzn2023.0.2.x86_64
bcc-tools-debuginfo-0.26.0-1.amzn2023.0.2.x86_64
libbpf-tools-0.26.0-1.amzn2023.0.2.x86_64
bcc-devel-0.26.0-1.amzn2023.0.2.x86_64
bcc-0.26.0-1.amzn2023.0.2.x86_64
bcc-tools-0.26.0-1.amzn2023.0.2.x86_64
bcc-debugsource-0.26.0-1.amzn2023.0.2.x86_64
libbpf-tools-debuginfo-0.26.0-1.amzn2023.0.2.x86_64