oss-sec mailing list archives

Re: CVE Request coreutils

From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 23 Jan 2013 02:20:00 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/22/2013 02:07 AM, Matthias Weckbecker wrote:

On Monday 21 January 2013 15:59:48 Michael Tokarev wrote:

21.01.2013 18:54, Sebastian Krahmer wrote:

Hi,

Can someone assign a CVE id for a buffer overflow in
coreutils? Its the same code snippet (coreutils-i18n.patch) and
it affects sort, uniq and join:


It's probably worth to mention that these are SuSE-specific and
not in upstream, if I understand correctly.


Tough to say unless you really looked into every single
distribution out there. Just assuming something is dangerous.

https://bugzilla.novell.com/show_bug.cgi?id=798538 
https://bugzilla.novell.com/show_bug.cgi?id=796243 
https://bugzilla.novell.com/show_bug.cgi?id=798541


Thanks,

/mjt


Thanks, Matthias


Please use CVE-2013-0221 for SuSE Bug 798538 - VUL-1: coreutils:
segmentation fault in "sort -d" and "sort -M" with long line input

Please use CVE-2013-0222 for SuSE Bug 796243 - VUL-1: coreutils:
segmentation fault in "uniq" with long line input

Please use CVE-2013-0223 for SuSE Bug 798541 - VUL-1: coreutils:
segmentation fault in "join -i" with long line input



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ/6tAAAoJEBYNRVNeJnmT+1MP/2Wpws+D7H1woEHxmZEKQIil
tHEOi/lEQRHQQFILqL7pIlhOnz2Kv7MC2CzWNviZ8IRzfz2mFFCk/gpqPDn0MbgA
KlMLn8lytFq4vsMX0LgfVAJNbG+W+VQYuw54mLu2svenPUys5rzA38tAS6aF9OD7
5qAVnXazqriPOmshFpBNC3HQw0MKJWORco69H7uGDI3fpz29mE1OSezbubaaQB+T
x68l8Rzils7e8uuow5fktGV1YoT0+O0FT3KFzkYBOHQLJBZ3UUyZVDkccSpd5o0t
/yAVoOpR8QdNXVSD5RiC5SFucKiw2Hhosh4DubqdEFHHAEBHyhAksR1i4ZutROXR
5JUDfnZNKxwO6G2HqoWA2ImlMOcWP7NzYQmi2fsPrDEwggdB894SwciU5R+sjhDy
zWhX1dS4qdMqOGVNKq3etWTiPVIEBBC5F6HEEtJEGTjLAodwTU3rSXBpZe9YFM4s
h3BWs3pnAqcs+8fFXBAPnN89Y13DgaclIxOPrMrVE+ws3SE3+JO/XUa7PNHfbxlL
awkFGjw2IMCG7nkfuEKikfHF0WnrnwxUKc3JkAzY492Q4Rc5f3IZjaF7D6+K8+Jo
T45dm+GCbUXuLFZKqobvSyiIdcCP8YCPBufiCzmfWoFiLKPSenrV8YIilXCmWdsc
l+6UXRP1n/52ifyH7/mE
=5e0x
-----END PGP SIGNATURE-----

Current thread:

CVE Request coreutils Sebastian Krahmer (Jan 21)
- Re: CVE Request coreutils Michael Tokarev (Jan 21)
  - Re: CVE Request coreutils Kurt Seifried (Jan 21)
  - Re: CVE Request coreutils Matthias Weckbecker (Jan 22)
    - Re: CVE Request coreutils Kurt Seifried (Jan 23)
- Re: CVE Request coreutils Moritz Muehlenhoff (Jan 21)
  - Re: CVE Request coreutils Vincent Danen (Jan 21)
    - Re: CVE Request coreutils Kurt Seifried (Jan 21)
    - Re: CVE Request coreutils Sebastian Krahmer (Jan 21)
    - Re: CVE Request coreutils Vincent Danen (Jan 22)
    - Re: CVE Request coreutils Sebastian Krahmer (Jan 22)
    - Re: CVE Request coreutils Vincent Danen (Jan 23)
    - Re: CVE Request coreutils Florian Weimer (Jan 22)
    - Re: CVE Request coreutils Florian Weimer (Jan 22)
  - Re: CVE Request coreutils Sebastian Krahmer (Jan 22)