Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.bugs.dist > #1289330
| Path | csiph.com!news.samoylyk.net!gothmog.csi.it!bofh.it!news.nic.it!robomod |
|---|---|
| From | Salvatore Bonaccorso <carnil@debian.org> |
| Newsgroups | linux.debian.bugs.dist |
| Subject | Bug#1133372: musl: CVE-2026-6042 CVE-2026-40200 |
| Date | Sun, 12 Apr 2026 17:00:02 +0200 |
| Message-ID | <MJ4s2-eBBa-7@gated-at.bofh.it> (permalink) |
| X-Original-To | Debian Bug Tracking System <submit@bugs.debian.org> |
| X-Mailbox-Line | From debian-bugs-dist-request@lists.debian.org Sun Apr 12 14:57:09 2026 |
| Old-Return-Path | <debbugs@buxtehude.debian.org> |
| X-Spam-Flag | NO |
| X-Spam-Score | -1.9 |
| Reply-To | Salvatore Bonaccorso <carnil@debian.org>, 1133372@bugs.debian.org |
| Resent-To | debian-bugs-dist@lists.debian.org |
| Resent-Cc | carnil@debian.org, team@security.debian.org, reiner@reiner-h.de |
| X-Debian-Pr-Message | report 1133372 |
| X-Debian-Pr-Package | src:musl |
| X-Debian-Pr-Keywords | security upstream |
| X-Debian-Pr-Source | musl |
| Content-Type | text/plain; charset="us-ascii" |
| MIME-Version | 1.0 |
| Content-Transfer-Encoding | 7bit |
| X-Mailer | reportbug 13.2.0 |
| X-Debian-Message | from BTS |
| X-Mailing-List | <debian-bugs-dist@lists.debian.org> archive/latest/1963622 |
| List-ID | <debian-bugs-dist.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-bugs-dist/> |
| Approved | robomod@news.nic.it |
| Lines | 44 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Date | Sun, 12 Apr 2026 16:56:21 +0200 |
| X-Original-Message-ID | <177600578124.1052753.5939914411224481167.reportbug@eldamar.lan> |
| Xref | csiph.com linux.debian.bugs.dist:1289330 |
Show key headers only | View raw
Source: musl
Version: 1.2.5-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Hi,
The following vulnerabilities were published for musl.
CVE-2026-6042[0]:
| A security flaw has been discovered in musl libc up to 1.2.6.
| Affected is the function iconv of the file src/locale/iconv.c of the
| component GB18030 4-byte Decoder. Performing a manipulation results
| in inefficient algorithmic complexity. The attack must be initiated
| from a local position. To fix this issue, it is recommended to
| deploy a patch.
CVE-2026-40200[1]:
| An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-
| based memory corruption can occur during qsort of very large arrays,
| due to incorrectly implemented double-word primitives. The number of
| elements must exceed about seven million, i.e., the 32nd Leonardo
| number on 32-bit platforms (or the 64th Leonardo number on 64-bit
| platforms, which is not practical).
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-6042
https://www.cve.org/CVERecord?id=CVE-2026-6042
https://git.musl-libc.org/cgit/musl/commit/?id=67219f0130ec7c876ac0b299046460fad31caabf
[1] https://security-tracker.debian.org/tracker/CVE-2026-40200
https://www.cve.org/CVERecord?id=CVE-2026-40200
https://git.musl-libc.org/cgit/musl/commit/?id=228da39e38c1cae13cbe637e771412c1984dba5d
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Back to linux.debian.bugs.dist | Previous | Next | Find similar
Bug#1133372: musl: CVE-2026-6042 CVE-2026-40200 Salvatore Bonaccorso <carnil@debian.org> - 2026-04-12 17:00 +0200
csiph-web