Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Ubuntu 14.04 LTS: USN-2473-1 Critical: Coreutils Denial of Service

ubuntu
Calendar Grey January 15, 2015
Dist Ubuntu Esm H88
To safeguard against denial of service and privilege escalation vulnerabilities in coreutils on Ubuntu, follow these essential instructions to ensure your system's security
date and touch could be made to crash or run programs if theyhandled specially crafted input.

Summary

date and touch could be made to crash or run programs if they

handled specially crafted input.

Software Description:

- coreutils: GNU core utilities

Details:

It was discovered that the distcheck rule in dist-check.mk in GNU

coreutils allows local users to gain privileges via a symlink attack

on a directory tree under /tmp. This issue only affected Ubuntu 10.04 LTS.

(CVE-2009-4135)

Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly

handled user-supplied input. An attacker could possibly use this to cause

a denial of service or potentially execute code. (CVE-2014-9471)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  coreutils                       8.21-1ubuntu5.1

Ubuntu 12.04 LTS:
  coreutils                       8.13-3ubuntu3.3

Ubuntu 10.04 LTS:
  coreutils                       7.4-2ubuntu3.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2473-1

CVE-2009-4135, CVE-2014-9471

Severity
critical
Lowest
Low
Medium
High
Critical

January 14, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.