OESA-2026-2088

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2088

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2026-2088.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2026-2088

Upstream

CVE-2026-40200

CVE-2026-6042

Published

2026-04-25T05:50:06Z

Modified

2026-04-25T06:04:41.597330Z

Summary

musl security update

Details

musl is an implementation of the C standard library built on top of the Linux system call API, including interfaces defined in the base language standard, POSIX, and widely agreed-upon extensions. It is lightweight, fast, simple, free, and strives to be correct in the sense of standards conformance and safety.

Security Fix(es):

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).(CVE-2026-40200)

A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.(CVE-2026-6042)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:24.03-LTS-SP1 / musl

Package

Name: musl
Purl: pkg:rpm/openEuler/musl&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.4-6.oe2403sp1

Ecosystem specific

{
    "x86_64": [
        "musl-debuginfo-1.2.4-6.oe2403sp1.x86_64.rpm",
        "musl-debugsource-1.2.4-6.oe2403sp1.x86_64.rpm",
        "musl-devel-1.2.4-6.oe2403sp1.x86_64.rpm",
        "musl-gcc-1.2.4-6.oe2403sp1.x86_64.rpm",
        "musl-libc-1.2.4-6.oe2403sp1.x86_64.rpm",
        "musl-libc-static-1.2.4-6.oe2403sp1.x86_64.rpm"
    ],
    "src": [
        "musl-1.2.4-6.oe2403sp1.src.rpm"
    ],
    "aarch64": [
        "musl-debuginfo-1.2.4-6.oe2403sp1.aarch64.rpm",
        "musl-debugsource-1.2.4-6.oe2403sp1.aarch64.rpm",
        "musl-devel-1.2.4-6.oe2403sp1.aarch64.rpm",
        "musl-gcc-1.2.4-6.oe2403sp1.aarch64.rpm",
        "musl-libc-1.2.4-6.oe2403sp1.aarch64.rpm",
        "musl-libc-static-1.2.4-6.oe2403sp1.aarch64.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2026-2088.json"