List: oss-security
Subject: [oss-security] multiple NULL pointer dereference vulnerabilities in newlib
From: Dimitrios Glynos <dimitris () census-labs ! com>
Date: 2020-01-31 21:17:29
Message-ID: d6e0d9ec-8bc5-9034-b387-7e66f71fa0de () census-labs ! com

Hello all,

newlib versions prior to 3.3.0 (and derivatives like newlib-nano,
picolibc, related ARM toolchains) are vulnerable to a number
of NULL pointer dereference vulnerabilities.

The following CVEs were assigned by RedHat for these issues:
CVE-2019-14871, CVE-2019-14872, CVE-2019-14873, CVE-2019-14874,
CVE-2019-14875, CVE-2019-14876, CVE-2019-14877, CVE-2019-14878

More details about the issues are available here:
https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/

It is advised to update newlib installations to version 3.3.0
and make sure to build with the newlib-reent-check-verify
'configure' option enabled, to correctly address these
issues.

Kind Regards,
Dimitris
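
Added example (not part of the original message): a shell check that audits an installed toolchain's newlib headers against the two conditions in the advice above, version 3.3.0 or later and the reent-check-verify option enabled. It assumes the version macros __NEWLIB__ and __NEWLIB_MINOR__ are in _newlib_version.h and that the option appears as _REENT_CHECK_VERIFY in newlib.h; check_newlib and macro_value are names made up for this example.

```shell
#!/bin/sh
# Added example: audit newlib headers for the fixed version and build option.
# Assumptions: __NEWLIB__ / __NEWLIB_MINOR__ are defined in _newlib_version.h,
# and a build with the reent-check-verify option defines _REENT_CHECK_VERIFY
# in newlib.h. Both header names are taken as given for this sketch.

# Print the value of "#define NAME value" from a header (empty if absent).
macro_value() {  # $1 = header file, $2 = macro name
    awk -v m="$2" '$1 == "#define" && $2 == m { print $3; exit }' "$1"
}

# check_newlib INCLUDE_DIR
# Returns: 0 = version >= 3.3.0 and option enabled
#          1 = version older than 3.3.0
#          2 = version fine, but option not enabled
#          3 = headers missing or version macros unreadable
check_newlib() {
    inc=$1
    [ -f "$inc/_newlib_version.h" ] && [ -f "$inc/newlib.h" ] || return 3
    major=$(macro_value "$inc/_newlib_version.h" __NEWLIB__)
    minor=$(macro_value "$inc/_newlib_version.h" __NEWLIB_MINOR__)
    # Refuse to guess when either macro is missing or not a plain number.
    case $major in ''|*[!0-9]*) return 3 ;; esac
    case $minor in ''|*[!0-9]*) return 3 ;; esac
    if [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 3 ]; }; then
        return 1
    fi
    # A commented-out "#undef" line does not match, so only a real define counts.
    [ -n "$(macro_value "$inc/newlib.h" _REENT_CHECK_VERIFY)" ] || return 2
    return 0
}

# Stand-alone use: pass the toolchain's include directory as the only argument.
if [ "$#" -eq 1 ]; then
    rc=0
    check_newlib "$1" || rc=$?
    case $rc in
        0) echo "OK: newlib >= 3.3.0 with reent-check-verify enabled" ;;
        1) echo "FAIL: newlib older than 3.3.0" ;;
        2) echo "FAIL: newlib built without reent-check-verify" ;;
        *) echo "UNKNOWN: newlib headers not found in $1" ;;
    esac
    exit "$rc"
fi
```

Run it against each toolchain's include directory; derivatives with their own version numbering need a separate check.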