Alerts This Week
Warning Icon 1 687
Alerts This Week
Warning Icon 1 687

Gentoo: GLSA-202003-13 Normal: musl Buffer Overflow Impact and Resolution

gentoo
Calendar Grey March 14, 2020
Dist Gentoo Esm H88
Gentoo Linux GLSA 202203-14 discusses a critical security issue in NetBSD's kernel, which may lead to system crashes. Immediate action advised.
A stack-based buffer overflow in musl might allow an attacker to have an application dependent impact.

Summary

A flaw in musl libc's arch-specific math assembly code for i386 was found which can lead to x87 stack overflow in the execution of subsequent math code.

Topics%20covered

Topics Covered

security advisory gentoo stack overflow normal application impact musl

Resolution

All musl users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/musl-1.1.24"

References

[ 1 ] CVE-2019-14697 https://nvd.nist.gov/vuln/detail/CVE-2019-14697

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-13
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: musl: Stack-based buffer overflow
Date: March 14, 2020
Bugs: #711276
ID: 202003-13

Topics%20covered

Topics Covered

security advisory gentoo stack overflow normal application impact musl

Synopsis

A stack-based buffer overflow in musl might allow an attacker to have an application dependent impact.

Background

musl is an implementation of the C standard library built on top of the Linux system call API, including interfaces defined in the base language standard, POSIX, and widely agreed-upon extensions.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-libs/musl < 1.1.24 >= 1.1.24

Impact

===== the ABI-violating x87 state.

Workaround

There is no known workaround at this time.

Related News

Your message here