Joined: 12 May 2004
|Posted: Sat Mar 14, 2020 7:26 pm Post subject: [ GLSA 202003-13 ] musl
|Gentoo Linux Security Advisory
Title: musl: x87 floating-point stack adjustment imbalance (GLSA 202003-13)
Exploitable: local, remote
An x87 stack handling error in musl might allow an attacker to have
an application dependent impact.
musl is an implementation of the C standard library built on top of the
Linux system call API, including interfaces defined in the base language
standard, POSIX, and widely agreed-upon extensions.
Vulnerable: < 1.1.24
Unaffected: >= 1.1.24
Architectures: All supported architectures
A flaw in musl libc’s arch-specific math assembly code for i386 was
found which can lead to x87 stack overflow in the execution of subsequent
Impact depends on how the application built against musl libc handles
the ABI-violating x87 state.
There is no known workaround at this time.
All musl users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/musl-1.1.24"
Last edited by GLSA on Sun Mar 15, 2020 4:17 am; edited 1 time in total