Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -1 articles for you...
200
security advisorybuffer overflowbug fixScientific Linux SL7: SLSA-2015:2111-7 Low: grep Buffer Overflow Advisory
Low: grep security and bug fix update. Date: Mon, 21 Dec 2015 23:14:33 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Low: grep on SL7.x x86_64 MIME-Version: 1.0 Message-ID: Synopsis: Low: grep security and bug fix update Advisory ID: SLSA-2015:2111-7 Issue Date: 2015-11-19 CVE Numbers: CVE-2015-1345 -- A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345) This update also fixes the following bugs: * Prior to this update, the \w and \W symbols were inconsistently matched to the [:alnum:] character class. Consequently, using regular expressions with "\w" and "\W" could lead to incorrect results. With this update, "\w" is consistently matched to the [_[:alnum:]] character, and "\W" is consistently matched to the [^_[:alnum:]] character. * Previously, the Perl Compatible Regular Expression (PCRE) matcher (selected by the "-P" parameter in grep) did not work correctly when matching non-UTF-8 text in UTF-8 locales. Consequently, an error message about invalid UTF-8 byte sequence characters was returned. To fix this bug, patches from upstream have been applied to the grep utility. As a result, PCRE now skips non-UTF-8 characters as non-matching text without returning any error message. -- SL7 x86_64 grep-2.20-2.el7.x86_64.rpm grep-debuginfo-2.20-2.el7.x86_64.rpm - Scientific Linux Development Team . A low severity buffer overflow vulnerability in GREP could disrupt program behavior. Users are urged to update to the latest version for security.. Scientific Linux, grep security, buffer overflow fix, low severity update. . Severity: Low. LinuxSecurity.com Team
Dec 21, 2015
•Low
Scientific Linux
200
security advisorybuffer overflowbug fixScientific Linux 6.x SLSA-2015:1447-1 Low: grep Buffer Overflow
Low: grep security, bug fix, and enhancement update. Date: Mon, 3 Aug 2015 19:13:25 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Connie Sieh Subject: Security ERRATA Low: grep on SL6.x i386/x86_64 MIME-Version: 1.0 Message-ID: Synopsis: Low: grep security, bug fix, and enhancement update Advisory ID: SLSA-2015:1447-1 Issue Date: 2015-07-22 CVE Numbers: CVE-2012-5667 CVE-2015-1345 -- An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large lines of data. An attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privileges of the user running grep. (CVE-2012-5667) A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345) The grep packages have been upgraded to upstream version 2.20, which provides a number of bug fixes and enhancements over the previous version. Notably, the speed of various operations has been improved significantly. Now, the recursive grep utility uses the fts function of the gnulib library for directory traversal, so that it can handle much larger directories without reporting the "File name too long" error message, and it can operate faster when dealing with large directory hierarchies. This update also fixes the following bugs: * Prior to this update, the \w and \W symbols were inconsistently matched to the [:alnum:] character class. Consequently, regular expressions that used \w and \W in some cases had incorrect results. An upstream patch which fixes the matching problem has been applied, and \w is now matched to the [_[:alnum:]] character and \W to the [^_[:alnum:]] character consistently. * Previously, the "--fixed-regexp" command-line option wasnot included in the grep(1) manual page. Consequently, the manual page was inconsistent with the built-in help of the grep utility. To fix this bug, grep(1) has been updated to include a note informing the user that "--fixed-regexp" is an obsolete option. Now, the built-in help and manual page are consistent regarding the "--fixed-regexp" option. * Previously, the Perl Compatible Regular Expression (PCRE) library did not work correctly when matching non-UTF-8 text in UTF-8 mode. Consequently, an error message about invalid UTF-8 byte sequence characters was returned. To fix this bug, patches from upstream have been applied to the PCRE library and the grep utility. As a result, PCRE now skips non-UTF-8 characters as non-matching text without returning any error message. -- SL6 x86_64 grep-2.20-3.el6.x86_64.rpm grep-debuginfo-2.20-3.el6.x86_64.rpm i386 grep-2.20-3.el6.i686.rpm grep-debuginfo-2.20-3.el6.i686.rpm - Scientific Linux Development Team . Security update notice for Scientific Linux 6.x regarding minor grep enhancements and issue resolutions.. grep Bug Fix, Security Update, Scientific Linux, Buffer Overflow Fix. . Severity: Low. LinuxSecurity.com Team
Aug 03, 2015
•Low
Scientific Linux
98
security advisoryRed Hatbuffer overflowRed Hat 6 RHSA-2015:1447-01 Minor: grep Memory Vulnerabilities Alert
Updated grep packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Low: grep security, bug fix, and enhancement update Advisory ID: RHSA-2015:1447-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2015:1447.html Issue date: 2015-07-22 Updated on: 2015-01-29 CVE Names: CVE-2012-5667 CVE-2015-1345 ==================================================================== 1. Summary: Updated grep packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The grep utility searches through textual input for lines that contain a match to a specified pattern and then prints the matching lines. The GNU grep utilities include grep, egrep, and fgrep. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large lines of data. An attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privileges of the user running grep. (CVE-2012-5667) A heap-based buffer overflow flaw was found in the way grepprocessed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345) The grep packages have been upgraded to upstream version 2.20, which provides a number of bug fixes and enhancements over the previous version. Notably, the speed of various operations has been improved significantly. Now, the recursive grep utility uses the fts function of the gnulib library for directory traversal, so that it can handle much larger directories without reporting the "File name too long" error message, and it can operate faster when dealing with large directory hierarchies. (BZ#982215, BZ#1064668, BZ#1126757, BZ#1167766, BZ#1171806) This update also fixes the following bugs: * Prior to this update, the \w and \W symbols were inconsistently matched to the [:alnum:] character class. Consequently, regular expressions that used \w and \W in some cases had incorrect results. An upstream patch which fixes the matching problem has been applied, and \w is now matched to the [_[:alnum:]] character and \W to the [^_[:alnum:]] character consistently. (BZ#799863) * Previously, the "--fixed-regexp" command-line option was not included in the grep(1) manual page. Consequently, the manual page was inconsistent with the built-in help of the grep utility. To fix this bug, grep(1) has been updated to include a note informing the user that "--fixed-regexp" is an obsolete option. Now, the built-in help and manual page are consistent regarding the "--fixed-regexp" option. (BZ#1103270) * Previously, the Perl Compatible Regular Expression (PCRE) library did not work correctly when matching non-UTF-8 text in UTF-8 mode. Consequently, an error message about invalid UTF-8 byte sequence characters was returned. To fix this bug, patches from upstream have been applied to the PCRE library and the grep utility. As a result, PCRE now skips non-UTF-8 characters as non-matching text without returningany error message. (BZ#1193030) All grep users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 799863 - inconsistent \w and [[:alnum:]] behaviour 889935 - CVE-2012-5667 grep: Integer overflow leading to heap-based buffer-overflow when reading large lines 982215 - word boundary error near an utf8 character 1103270 - undocumented option --fixed-regexp 1167766 - grep Abandons (with core dump in some systems) when invoked with recurse and perl switches 1171806 - grep matches lowercase when only searching for uppercase range 1183651 - CVE-2015-1345 grep: heap buffer overrun 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: grep-2.20-3.el6.src.rpm i386: grep-2.20-3.el6.i686.rpm grep-debuginfo-2.20-3.el6.i686.rpm x86_64: grep-2.20-3.el6.x86_64.rpm grep-debuginfo-2.20-3.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: grep-2.20-3.el6.src.rpm x86_64: grep-2.20-3.el6.x86_64.rpm grep-debuginfo-2.20-3.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: grep-2.20-3.el6.src.rpm i386: grep-2.20-3.el6.i686.rpm grep-debuginfo-2.20-3.el6.i686.rpm ppc64: grep-2.20-3.el6.ppc64.rpm grep-debuginfo-2.20-3.el6.ppc64.rpm s390x: grep-2.20-3.el6.s390x.rpm grep-debuginfo-2.20-3.el6.s390x.rpm x86_64: grep-2.20-3.el6.x86_64.rpm grep-debuginfo-2.20-3.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: grep-2.20-3.el6.src.rpm i386: grep-2.20-3.el6.i686.rpm grep-debuginfo-2.20-3.el6.i686.rpm x86_64: grep-2.20-3.el6.x86_64.rpm grep-debuginfo-2.20-3.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.References: https://access.redhat.com/security/cve/CVE-2012-5667 https://access.redhat.com/security/cve/CVE-2015-1345 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2015 Red Hat, Inc. . Red Hat's advisory reveals a grep tool update that mitigates low-impact vulnerabilities. While not critical, these risks warrant attention for improved performance and stability. Red Hat Security,Grep Update,Security Patches,Low Severity Fixes. . Severity: Low. LinuxSecurity.com Team
Jul 22, 2015
•Low
Red Hat
198
security advisorydenial of servicelow severityArch Linux: ASA-202110-3 Moderate Severity: awk Heap Corruption
The package grep before version 2.21-2 is vulnerable to denial of service via heap buffer out-of-bounds read. . Arch Linux Security Advisory ASA-201503-4 ======================================== Severity: Low Date : 2015-03-05 CVE-ID : CVE-2015-1345 Package : grep Type : denial of service Remote : No Link : https://wiki.archlinux.org/title/CVE Summary ====== The package grep before version 2.21-2 is vulnerable to denial of service via heap buffer out-of-bounds read. Resolution ========= Upgrade to 2.21-2. # pacman -Syu "grep> =2.21-2" The problem has been fixed upstream but no release is available yet. Workaround ========= None. Description ========== The bmexec_trans function in kwset.c allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. grep's read buffer is often filled to its full size, except when reading the final buffer of a file. In that case, the number of bytes read may be far less than the size of the buffer. However, for certain unusual pattern/text combinations, grep -F would mistakenly examine bytes in that uninitialized region of memory when searching for a match. With carefully chosen inputs, one can cause grep -F to read beyond the end of that buffer altogether. This problem arose via commit v2.18-90-g73893ff with the introduction of a more efficient heuristic using what is now the memchr_kwset function. The use of that function in bmexec_trans could leave TP much larger than EP, and the subsequent call to bm_delta2_search would mistakenly access beyond end of the main input read buffer. Impact ===== A local attacker is able to use specially crafted input when using the -F option to cause a heap buffer out-of-bounds read leading to denial of service. References ========= https://seclists.org/oss-sec/2015/q1/179 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1345 https://bugs.archlinux.org/task/44017 . A critical security flaw inthe grep tool of Arch Linux prior to version 2.21-2 necessitates urgent remediation.. Arch Linux, Grep Denial, Service Advisory, Software Security. . Severity: Low. LinuxSecurity.com Team
Mar 05, 2015
•Low
ArchLinux
91
security advisorydenial of servicegentooGentoo: 202203-28 Advisory: findrace Race Condition Vulnerability
A vulnerability in grep could result in Denial of Service.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201502-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: grep: Denial of Service Date: February 25, 2015 Bugs: #537046 ID: 201502-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability in grep could result in Denial of Service. Background ========= grep is the GNU regular expression matcher. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-apps/grep < 2.21-r1 > = 2.21-r1 Description ========== A heap buffer overrun has been fixed in the bmexec_trans function in kwset.c. Impact ===== A local user can cause Denial of Service. Workaround ========= There is no known workaround at this time. Resolution ========= All grep users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =sys-apps/grep-2.21-r1" References ========= [ 1 ] CVE-2015-1345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1345 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201502-14 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Feb 25, 2015
Gentoo
89
security advisoryFedora Corecritical fixFedora Core 4: 2005-487 Critical: Grep Encoding Fix for Bug #161700
This update fixes a regression in handling 'grep -Fw' for encodings other than UTF-8 (bug #161700).. --------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-487 2005-07-07 --------------------------------------------------------------------- Product : Fedora Core 4 Name : grep Version : 2.5.1 =20 Release : 48.2 =20 Summary : The GNU versions of grep pattern matching utilities. Description : The GNU versions of commonly used grep utilities. Grep searches through textual input for lines which contain a match to a specified pattern and then prints the matching lines. GNU's grep utilities include grep, egrep and fgrep. You should install grep on your system, because it is a very useful utility for searching through text. --------------------------------------------------------------------- Update Information: This update fixes a regression in handling 'grep -Fw' for encodings other than UTF-8 (bug #161700). --------------------------------------------------------------------- * Tue Jun 28 2005 Tim Waugh 2.5.1-48.2 - Futher fixing for bug #161700. * Mon Jun 27 2005 Tim Waugh 2.5.1-48.1 - Fix 'grep -Fw' for encodings other than UTF-8 (bug #161700). * Wed Apr 13 2005 Tim Waugh - Build requires recent pcre-devel (bug #154626). --------------------------------------------------------------------- This update can be downloaded from: e40b2fe83f1644f1f20415b47ffc17c5 SRPMS/grep-2.5.1-48.2.src.rpm 65abca2a53be7901241521b3aadd544b ppc/grep-2.5.1-48.2.ppc.rpm 62f327fe9460294513e160374b5946aa ppc/debug/grep-debuginfo-2.5.1-48.2.ppc.rpm c35066cd581fa2431e434caa3c29aef8 x86_64/grep-2.5.1-48.2.x86_64.rpm b2d046027b8c3fde20fafb3e9297d9e4 x86_64/debug/grep-debuginfo-2.5.1-48.2.x86_64.rpm 708be97bebc3db5930c9225d2dfe4ccb i386/grep-2.5.1-48.2.i386.rpm 17209ef397d1c65d2b91704b17f77eec i386/debug/grep-debuginfo-2.5.1-48.2.i386.rpm This update can also be installed with the Update Agent; youcan launch the Update Agent with the 'up2date' command. =20 --------------------------------------------------------------------- --PnXnnR/daWGQjfKI Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFCzVDPHU/d4jnpWe0RAt9WAKCG0nxhE/pwF0ttDNBxEWLsNZwvlACeMrem VDwAw/aZIOIVzyglvZ+V+9M=9+Io -----END PGP SIGNATURE----- --PnXnnR/daWGQjfKI-- --===============1143293309=Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- fedora-announce-list mailing list
Jul 07, 2005
•Critical
Fedora
89
security advisoryfedoramoderate severityCentOS Linux 7: CENTOS-2023-1048 Moderate: curl Unicode Handling Update
This update fixes a small regression in handling multibyte input for "grep -Fi", and further improves performance when processing UTF-8 input.. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2005-547 2005-01-20 ---------------------------------------------------------------------Product : Fedora Core 3 Name : grep Version : 2.5.1 =20 Release : 31.4 =20 Summary : The GNU versions of grep pattern matching utilities. Description : The GNU versions of commonly used grep utilities. Grep searches through textual input for lines which contain a match to a specified pattern and then prints the matching lines. GNU's grep utilities include grep, egrep and fgrep. You should install grep on your system, because it is a very useful utility for searching through text. ---------------------------------------------------------------------Update Information: This update fixes a small regression in handling multibyte input for "grep -Fi", and further improves performance when processing UTF-8 input. ---------------------------------------------------------------------* Tue Dec 21 2004 Tim Waugh 2.5.1-31.4 - Fixed -Fi for multibyte input (bug #143079). - Bypass kwset matching when ignoring case and processing multibyte input (bug #143079). * Tue Dec 14 2004 Tim Waugh 2.5.1-31.3 - Further UTF-8 processing avoided since a 'n' byte is always an end-of-line character in that encoding. ---------------------------------------------------------------------This update can be downloaded from: d916766de14a0bdaafc85f1fd1d389e1 SRPMS/grep-2.5.1-31.4.src.rpm 516444cad69e8827102f4a587b5ff6fe x86_64/grep-2.5.1-31.4.x86_64.rpm 2430f64ca4394dfa47d20da040e5a128 x86_64/debug/grep-debuginfo-2.5.1-31.4.x86_64.rpm 3f306f14eef51c99e2670e4735209649 i386/grep-2.5.1-31.4.i386.rpm 2c9819f4e0cf14e932372c2e0009b4c0 i386/debug/grep-debuginfo-2.5.1-31.4.i386.rpm This updatecan also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. =20 --------------------------------------------------------------------- --5SP9XAeWvMQmGYip Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE-----Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFB7+pEHU/d4jnpWe0RAlx7AJ0YxLpE16W4VP2DMRV4a4Yr2A1bZgCeMp4F rLrZmytXO00yewvMsxOTdq4=zy+d -----END PGP SIGNATURE-------5SP9XAeWvMQmGYip-- --===============0990670934=Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline --fedora-announce-list mailing list
Jan 20, 2005
Fedora
89
security advisoryupdatecriticalFedora: FEDORA-2004-463 Critical: Grep Performance Improvement
This update improves performance when processing UTF-8 input.. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2004-463 2004-12-14 ---------------------------------------------------------------------Product : Fedora Core 3 Name : grep Version : 2.5.1 Release : 31.2 Summary : The GNU versions of grep pattern matching utilities. Description : The GNU versions of commonly used grep utilities. Grep searches through textual input for lines which contain a match to a specified pattern and then prints the matching lines. GNU's grep utilities include grep, egrep and fgrep. You should install grep on your system, because it is a very useful utility for searching through text. ---------------------------------------------------------------------Update Information: This update improves performance when processing UTF-8 input. ---------------------------------------------------------------------* Fri Dec 03 2004 Tim Waugh 2.5.1-31.2 - Fixed a busy loop in the egf-speedup patch (bug #140781). * Wed Nov 24 2004 Tim Waugh 2.5.1-31.1 - Fixed a bug in the fgrep patch, exposed by the dfa-optional patch (bug #138558). - Applied patch from Karsten Hopp to fix background colour problems with --color output (bug #138913). - Automatically disable DFA when processing multibyte input. GREP_USE_DFA environment variable overrides. - Remove mb-caching hack. - Better multibyte handling in EGexecute() and Fexecute(). - Don't need regex.c changes in grep-2.5-i18n.patch. ---------------------------------------------------------------------This update can be downloaded from: b2b675bae68a87a942592d61ef41da67 SRPMS/grep-2.5.1-31.2.src.rpm f016da85910f521b1bb8698f1c1928d4 x86_64/grep-2.5.1-31.2.x86_64.rpm 669cb2df3754070a1b30dbb9ecf9beb8 x86_64/debug/grep-debuginfo-2.5.1-31.2.x86_64.rpm 8a424ae1f93e726c0cdce57ccc988508 i386/grep-2.5.1-31.2.i386.rpm a66a59a71b27d0847d38b0102e02fb0d i386/debug/grep-debuginfo-2.5.1-31.2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- . This Fedora release improves awk's performance with multibyte characters, correcting past errors. Discover additional details.. grep update, Fedora utility, performance improvements, UTF-8 processing. . Severity: Critical. LinuxSecurity.com Team
Dec 14, 2004
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!