Red Hat Bugzilla – Bug 144518
CAN-2005-0087 alsa-lib disables stack protection for it's users
Last modified: 2013-03-01 00:14:50 EST
Description of problem:
libasound.so will disable the stack execution protection for all the apps using
it, which is quite a big chunk of our desktop apps.
The cause is a bit of evil code in src/mixer/mixer.c
I will attach a patch to fix this.
Note that this is a rather serious security issue due to the effect of disabling
stack protection (both execshield segment and NX) for a wide range of
applications at once.
Created attachment 109498 [details]
patch to fix this issue
I'm assigning this issue CAN-2005-0087 as it borderline qualifies for
a CVE name under the definition of "exposure". Since this has the
potential to disable stack execution protection for a large number of
applications, it's violating a reasonable security stance for the
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.