Описание
Security update for blktrace
blktrace was updated to fix a security issue:
- CVE-2018-10689: Prevent buffer overflow in the dev_map_read function because the device and devno arrays were too small (bsc#1091942)
Список пакетов
Image SLES12-SP4-Azure-BYOS
blktrace-1.0.5-8.5.74
Image SLES12-SP4-EC2-HVM-BYOS
blktrace-1.0.5-8.5.74
Image SLES12-SP4-GCE-BYOS
blktrace-1.0.5-8.5.74
Image SLES12-SP4-OCI-BYOS
blktrace-1.0.5-8.5.74
Image SLES12-SP4-SAP-Azure
blktrace-1.0.5-8.5.74
Image SLES12-SP4-SAP-Azure-BYOS
blktrace-1.0.5-8.5.74
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
blktrace-1.0.5-8.5.74
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
blktrace-1.0.5-8.5.74
Image SLES12-SP4-SAP-EC2-HVM
blktrace-1.0.5-8.5.74
Image SLES12-SP4-SAP-EC2-HVM-BYOS
blktrace-1.0.5-8.5.74
Image SLES12-SP4-SAP-GCE
blktrace-1.0.5-8.5.74
Image SLES12-SP4-SAP-GCE-BYOS
blktrace-1.0.5-8.5.74
Image SLES12-SP4-SAP-OCI-BYOS
blktrace-1.0.5-8.5.74
Image SLES12-SP5-Azure-BYOS
blktrace-1.0.5-8.5.74
Image SLES12-SP5-Azure-Basic-On-Demand
blktrace-1.0.5-8.5.74
Image SLES12-SP5-Azure-HPC-BYOS
blktrace-1.0.5-8.5.74
Image SLES12-SP5-Azure-HPC-On-Demand
blktrace-1.0.5-8.5.74
Image SLES12-SP5-Azure-SAP-BYOS
blktrace-1.0.5-8.5.74
Image SLES12-SP5-Azure-SAP-On-Demand
blktrace-1.0.5-8.5.74
Image SLES12-SP5-Azure-Standard-On-Demand
blktrace-1.0.5-8.5.74
Image SLES12-SP5-EC2-BYOS
blktrace-1.0.5-8.5.74
Image SLES12-SP5-EC2-ECS-On-Demand
blktrace-1.0.5-8.5.74
Image SLES12-SP5-EC2-On-Demand
blktrace-1.0.5-8.5.74
Image SLES12-SP5-EC2-SAP-BYOS
blktrace-1.0.5-8.5.74
Image SLES12-SP5-EC2-SAP-On-Demand
blktrace-1.0.5-8.5.74
Image SLES12-SP5-GCE-BYOS
blktrace-1.0.5-8.5.74
Image SLES12-SP5-GCE-On-Demand
blktrace-1.0.5-8.5.74
Image SLES12-SP5-GCE-SAP-BYOS
blktrace-1.0.5-8.5.74
Image SLES12-SP5-GCE-SAP-On-Demand
blktrace-1.0.5-8.5.74
Image SLES12-SP5-OCI-BYOS-BYOS
blktrace-1.0.5-8.5.74
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
blktrace-1.0.5-8.5.74
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
blktrace-1.0.5-8.5.74
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
blktrace-1.0.5-8.5.74
SUSE Linux Enterprise Server 12 SP5
blktrace-1.0.5-8.5.74
SUSE Linux Enterprise Server for SAP Applications 12 SP5
blktrace-1.0.5-8.5.74
Ссылки
- Link for SUSE-SU-2020:2942-1
- E-Mail link for SUSE-SU-2020:2942-1
- SUSE Security Ratings
- SUSE Bug 1091942
- SUSE CVE CVE-2018-10689 page
Описание
blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.
Затронутые продукты
Image SLES12-SP4-Azure-BYOS:blktrace-1.0.5-8.5.74
Image SLES12-SP4-EC2-HVM-BYOS:blktrace-1.0.5-8.5.74
Image SLES12-SP4-GCE-BYOS:blktrace-1.0.5-8.5.74
Image SLES12-SP4-OCI-BYOS:blktrace-1.0.5-8.5.74
Ссылки
- CVE-2018-10689
- SUSE Bug 1091942