CVE-2020-10029 in Ubuntu

CVE-2020-10029

Priority

Description

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an
on-stack buffer during range reduction if an input to an 80-bit long double
function contains a non-canonical bit pattern, a seen when passing a
0x5d414141414141410000 value to sinl on x86 targets. This is related to
sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10029
https://ubuntu.com/security/notices/USN-4416-1

Bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=25487
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953108

Notes

Package

Source: eglibc (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	needs-triage

Patches:

Package

Source: glibc (LP Ubuntu Debian)

Upstream:	released (2.30)
Ubuntu 18.04 LTS:	released (2.27-3ubuntu1.2)
Ubuntu 20.04 LTS:	not-affected (2.31-0ubuntu9)
Ubuntu 21.10:	not-affected (2.31-0ubuntu9)
Ubuntu 16.04 ESM:	released (2.23-0ubuntu11.2)
Ubuntu 22.04 LTS:	not-affected (2.31-0ubuntu9)
Ubuntu 14.04 ESM:	DNE

Patches:

Upstream:	https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9333498794cde1d5cca518badf79533a24114b6f (master)
Upstream:	https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c10acd40262486dac597001aecc20ad9d3bd0e4a (master)
Upstream:	https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0474cd5de60448f31d7b872805257092faa626e4 (2.29)
Upstream:	https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8e5d591b101d7d8a4628522f1e5ec24b6dfa731b (2.29)

More Information

Updated: 2022-04-25 00:45:28 UTC (commit ecc1009cb19540b950de59270950018900f37f15)