USN-5990-1: musl vulnerabilities
31 March 2023
Several security issues were fixed in musl.
Releases
Packages
- musl - standard C library
Details
It was discovered that musl did not handle certain i386 math functions
properly. An attacker could use this vulnerability to cause a denial of
service (crash) or possibly execute arbitrary code. This issue only
affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS.
(CVE-2019-14697)
It was discovered that musl did not handle wide-character conversion
properly. A remote attacker could use this vulnerability to cause resource
consumption (infinite loop), denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04
ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-28928)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
-
musl-dev
-
1.1.24-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
musl
-
1.1.24-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04
-
musl-dev
-
1.1.19-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
musl
-
1.1.19-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
musl-dev
-
1.1.9-1ubuntu0.1~esm3
Available with Ubuntu Pro
-
musl
-
1.1.9-1ubuntu0.1~esm3
Available with Ubuntu Pro
Ubuntu 14.04
-
musl-dev
-
0.9.15-1ubuntu0.1~esm2
Available with Ubuntu Pro
-
musl
-
0.9.15-1ubuntu0.1~esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.