USN-5990-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-5990-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5990-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-5990-1

Related

Published

2023-03-31T00:44:58.153028Z

Modified

2023-03-31T00:44:58.153028Z

Summary

musl vulnerabilities

Details

It was discovered that musl did not handle certain i386 math functions properly. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2019-14697)

It was discovered that musl did not handle wide-character conversion properly. A remote attacker could use this vulnerability to cause resource consumption (infinite loop), denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-28928)

References

Affected packages

Ubuntu:Pro:14.04:LTS / musl

Package

Name: musl
Purl: pkg:deb/ubuntu/musl@0.9.15-1ubuntu0.1~esm2?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.15-1ubuntu0.1~esm2

Affected versions

0.*

0.9.14-2

0.9.14-2ubuntu1

0.9.15-1

0.9.15-1ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "musl-dev": "0.9.15-1ubuntu0.1~esm2",
            "musl": "0.9.15-1ubuntu0.1~esm2",
            "musl-tools": "0.9.15-1ubuntu0.1~esm2"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / musl

Package

Name: musl
Purl: pkg:deb/ubuntu/musl@1.1.9-1ubuntu0.1~esm3?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.9-1ubuntu0.1~esm3

Affected versions

1.*

1.1.9-1

1.1.9-1ubuntu0.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "musl-dev": "1.1.9-1ubuntu0.1~esm3",
            "musl": "1.1.9-1ubuntu0.1~esm3",
            "musl-tools": "1.1.9-1ubuntu0.1~esm3"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / musl

Package

Name: musl
Purl: pkg:deb/ubuntu/musl@1.1.19-1ubuntu0.1~esm1?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.19-1ubuntu0.1~esm1

Affected versions

1.*

1.1.16-3

1.1.18-1

1.1.19-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "musl-dev": "1.1.19-1ubuntu0.1~esm1",
            "musl": "1.1.19-1ubuntu0.1~esm1",
            "musl-dbgsym": "1.1.19-1ubuntu0.1~esm1",
            "musl-tools": "1.1.19-1ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / musl

Package

Name: musl
Purl: pkg:deb/ubuntu/musl@1.1.24-1ubuntu0.1~esm1?arch=src?distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.24-1ubuntu0.1~esm1

Affected versions

1.*

1.1.23-2build1

1.1.24-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "musl-dev": "1.1.24-1ubuntu0.1~esm1",
            "musl": "1.1.24-1ubuntu0.1~esm1",
            "musl-dbgsym": "1.1.24-1ubuntu0.1~esm1",
            "musl-tools": "1.1.24-1ubuntu0.1~esm1"
        }
    ]
}