Summary: | <sys-block/blktrace-1.2.0_p20210419122502: buffer overflow in the dev_map_read function in btt/devmap.c (CVE-2018-10689) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | robbat2 |
Priority: | Normal | Flags: | nattka: sanity-check- |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1575119 | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: | sys-block/blktrace-1.2.0_p20210419122502 | ||
Runtime testing required: | --- |
Description
Agostino Sarubbo
2018-05-07 10:03:08 UTC
@maintainer(s): ping, fancy applying the patch, or is it not suitable?

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d67d725f6bbb13cf73ff577df38e36bd08544d78

commit d67d725f6bbb13cf73ff577df38e36bd08544d78
Author: Robin H. Johnson <robbat2@gentoo.org>
AuthorDate: 2021-06-12 18:01:43 +0000
Commit: Robin H. Johnson <robbat2@gentoo.org>
CommitDate: 2021-06-12 18:04:13 +0000

    sys-block/blktrace: bump using snapshot

    Reference: CVE-2018-10689
    Bug: https://bugs.gentoo.org/655146
    Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

 sys-block/blktrace/Manifest | 1 +
 .../blktrace/blktrace-1.2.0_p20210419122502.ebuild | 61 ++++++++++++++++++++++
 2 files changed, 62 insertions(+)

security: you can stablereq it. I chose to use the upstream snapshot because they haven't made a new release in 3.5 years, and it contains other build & functionality fixes to work in edge cases of newer kernels (e.g. cgroup stuff)

Thanks Robin!

amd64 stable

x86 stable

ppc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

Unable to check for sanity:
> no match for package: sys-block/blktrace-1.2.0_p20210419122502

Ping, please cleanup

GLSA request filed

This issue was resolved and addressed in GLSA 202107-15 at https://security.gentoo.org/glsa/202107-15 by GLSA coordinator John Helmert III (ajak).