GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sat Mar 14, 2020 7:26 pm Post subject: [ GLSA 202003-13 ] musl |
 |
|
Gentoo Linux Security Advisory
Title: musl: x87 floating-point stack adjustment imbalance (GLSA 202003-13)
Severity: normal
Exploitable: local, remote
Date: 2020-03-14
Bug(s): #711276
ID: 202003-13
Synopsis
An x87 stack handling error in musl might allow an attacker to have
an application dependent impact.
Background
musl is an implementation of the C standard library built on top of the
Linux system call API, including interfaces defined in the base language
standard, POSIX, and widely agreed-upon extensions.
Affected Packages
Package: sys-libs/musl
Vulnerable: < 1.1.24
Unaffected: >= 1.1.24
Architectures: All supported architectures
Description
A flaw in musl libc’s arch-specific math assembly code for i386 was
found which can lead to x87 stack overflow in the execution of subsequent
math code.
Impact
Impact depends on how the application built against musl libc handles
the ABI-violating x87 state.
Workaround
There is no known workaround at this time.
Resolution
All musl users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/musl-1.1.24"
|
References
CVE-2019-14697
Last edited by GLSA on Sun Mar 15, 2020 4:17 am; edited 1 time in total |
|
News & Announcements
