DescriptionThe alsa-lib package in Red Hat Linux 4 disables stack protection for the library, which makes it easier for attackers to execute arbitrary code if there are other vulnerabilities in the library.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
alsa-lib (PTS)stretch1.1.3-5fixed
bullseye, sid1.2.3.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs


debian does not have stack protection, but it's fixed anyway since 1.0.9

Search for package or bug name: Reporting problems