<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
multiple NULL pointer dereference vulnerabilities in newlib
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: Dimitrios Glynos <dimitris () census-labs com>
Date: Fri, 31 Jan 2020 23:17:29 +0200
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Hello all,

newlib versions prior to 3.3.0 (and derivatives like newlib-nano,
picolibc, related ARM toolchains) are vulnerable to a number
of NULL pointer dereference vulnerabilities.

The following CVEs were assigned by RedHat for these issues:
CVE-2019-14871, CVE-2019-14872, CVE-2019-14873, CVE-2019-14874,
CVE-2019-14875, CVE-2019-14876, CVE-2019-14877, CVE-2019-14878

More details about the issues are available here:
https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/

It is advised to update newlib installations to version 3.3.0
and make sure to build with the newlib-reent-check-verify
'configure' option enabled, to correctly address these
issues.

Kind Regards,

Dimitris
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->