[Security] arbitrary code execution (CVE-2021-3420)
Task Info (Flyspray) | |
---|---|
Opened By | Jonas Witschel (diabonas) |
Task ID | 70050 |
Type | Bug Report |
Project | Community Packages |
Category | Security |
Version | None |
OS | All |
Opened | 2021-03-18 10:54:31 UTC |
Status | Assigned |
Assignee | Levente Polyak (anthraxx) |
Assignee | Filipe Laíns (FFY00) |
Details
Summary
The package riscv32-elf-newlib is vulnerable to arbitrary code execution via CVE-2021-3420.
Guidance
Updating riscv32-elf-newlib to the latest version 4.1.0 (or applying the patch referenced below) fixes the issue.
References
https://security.archlinux.org/AVG-1628
https://bugzilla.redhat.com/show_bug.cgi?id=1934088
https://sourceware.org/git/?p=newlib-cygwin.git;a=commitdiff;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e