An update for bcc is now available for openEuler-24.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-2502 Final 1.0 1.0 2024-12-06 Initial 2024-12-06 2024-12-06 openEuler SA Tool V1.0 2024-12-06 bcc security update An update for bcc is now available for openEuler-24.03-LTS BCC is a toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and examples. It makes use of extended BPF (Berkeley Packet Filters), formally known as eBPF, a new feature that was first added to Linux 3.15. BCC makes BPF programs easier to write, with kernel instrumentation in C (and includes a C wrapper around LLVM), and front-ends in Python and lua. It is suited for many tasks, including performance analysis and network traffic control. Security Fix(es): If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.(CVE-2024-2314) An update for bcc is now available for openEuler-24.03-LTS. openEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Low bcc https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2502 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-2314 https://nvd.nist.gov/vuln/detail/CVE-2024-2314 openEuler-24.03-LTS bcc-0.29.1-3.oe2403.src.rpm bcc-0.29.1-3.oe2403.x86_64.rpm bcc-debuginfo-0.29.1-3.oe2403.x86_64.rpm bcc-debugsource-0.29.1-3.oe2403.x86_64.rpm bcc-devel-0.29.1-3.oe2403.x86_64.rpm bcc-lua-0.29.1-3.oe2403.x86_64.rpm bcc-tools-0.29.1-3.oe2403.x86_64.rpm bcc-help-0.29.1-3.oe2403.noarch.rpm python3-bpfcc-0.29.1-3.oe2403.noarch.rpm bcc-0.29.1-3.oe2403.aarch64.rpm bcc-debuginfo-0.29.1-3.oe2403.aarch64.rpm bcc-debugsource-0.29.1-3.oe2403.aarch64.rpm bcc-devel-0.29.1-3.oe2403.aarch64.rpm bcc-lua-0.29.1-3.oe2403.aarch64.rpm bcc-tools-0.29.1-3.oe2403.aarch64.rpm If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. 2024-12-06 CVE-2024-2314 openEuler-24.03-LTS Low 2.8 AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L bcc security update 2024-12-06 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2502