Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 580
Alerts This Week
Warning Icon 1 580

Scientific Linux SL6.x SLSA-2013:1652-2 Low Coreutils Crash Issue

Scientific Large Esm H446
Low: coreutils security, bug fix, and enhancement update
Date: Mon, 9 Dec 2013 16:03:02 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Low: coreutils on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Low: coreutils security, bug fix, and enhancement update
Advisory ID: SLSA-2013:1652-2
Issue Date: 2013-11-21
CVE Numbers: CVE-2013-0221
 CVE-2013-0222
 CVE-2013-0223
--

It was discovered that the sort, uniq, and join utilities did not properly
restrict the use of the alloca() function. An attacker could use this flaw
to crash those utilities by providing long input strings. (CVE-2013-0221,
CVE-2013-0222, CVE-2013-0223)
--

SL6
 x86_64
 coreutils-8.4-31.el6.x86_64.rpm
 coreutils-debuginfo-8.4-31.el6.x86_64.rpm
 coreutils-libs-8.4-31.el6.x86_64.rpm
 i386
 coreutils-8.4-31.el6.i686.rpm
 coreutils-debuginfo-8.4-31.el6.i686.rpm
 coreutils-libs-8.4-31.el6.i686.rpm

- Scientific Linux Development Team