|
Message-ID: <8eff73fa-3688-7ae2-06d3-e45d22d3691c@redhat.com> Date: Thu, 18 Aug 2016 11:51:02 +0200 From: Florian Weimer <fweimer@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE-2016-6323: Missing unwind information on ARM EABI (32-bit) causes backtrace generation to hang Andreas Schwab of SuSE reported and fixed a glibc bug where the makecontext function would create an execution context which is incompatible with the unwinder, causing it to hang when the generation of a backtrace is attempted: https://sourceware.org/bugzilla/show_bug.cgi?id=20435 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617 This is a minor denial-of-service vulnerability. The bug is specific to ARM EABI (32-bit) and does not affect other architectures. So far, only certain applications compiled using gccgo (not the main golang.org toolchain) are known to be affected. Red Hat Product Security has assigned CVE-2016-6323 to this issue. Thanks, Florian
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.