musl: Integer overflow — GLSA 201701-11

An integer overflow in musl might allow an attacker to execute arbitrary code.

Affected Packages

sys-libs/musl on all architectures
Affected versions < 1.1.15-r2
Unaffected versions >= 1.1.15-r2

Background

musl is a “libc”, an implementation of the standard library functionality described in the ISO C and POSIX standards, plus common extensions, intended for use on Linux-based systems.

Description

A vulnerability was discovered in musl’s tre_tnfa_run_parallel function buffer overflow logic, due to the incorrect use of integer types and missing overflow checks.

Impact

An attacker, who controls the regular expression and/or string being searched, could execute arbitrary code with the privileges of the process.

Workaround

There is no known workaround at this time.

Resolution

All musl users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-libs/musl-1.1.15-r2"
 

References

Release Date
January 02, 2017

Latest Revision
January 02, 2017: 1

Severity
normal

Exploitable
local, remote

Bugzilla entries