oss-security - CVE-2016-6323: Missing unwind information on ARM EABI (32-bit) causes backtrace generation to hang

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [day] [month] [year] [list]

Date: Thu, 18 Aug 2016 11:51:02 +0200
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2016-6323: Missing unwind information on ARM EABI (32-bit) causes
 backtrace generation to hang

Andreas Schwab of SuSE reported and fixed a glibc bug where the 
makecontext function would create an execution context which is 
incompatible with the unwinder, causing it to hang when the generation 
of a backtrace is attempted:

   https://sourceware.org/bugzilla/show_bug.cgi?id=20435

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617

This is a minor denial-of-service vulnerability.

The bug is specific to ARM EABI (32-bit) and does not affect other 
architectures.  So far, only certain applications compiled using gccgo 
(not the main golang.org toolchain) are known to be affected.

Red Hat Product Security has assigned CVE-2016-6323 to this issue.

Thanks,
Florian

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.