AmazonALAS-2013-261Low: coreutils
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.026 Low
EPSS
Percentile
90.3%
Issue Overview:
It was discovered that the sort, uniq, and join utilities did not properly restrict the use of the alloca() function. An attacker could use this flaw to crash those utilities by providing long input strings. (CVE-2013-0221, CVE-2013-0222, CVE-2013-0223)
Affected Packages:
coreutils
Issue Correction:
Run yum update coreutils to update your system.
New Packages:
i686:
coreutils-libs-8.4-31.17.amzn1.i686
coreutils-8.4-31.17.amzn1.i686
coreutils-debuginfo-8.4-31.17.amzn1.i686
src:
coreutils-8.4-31.17.amzn1.src
x86_64:
coreutils-libs-8.4-31.17.amzn1.x86_64
coreutils-8.4-31.17.amzn1.x86_64
coreutils-debuginfo-8.4-31.17.amzn1.x86_64
Additional References
Red Hat: CVE-2013-0221, CVE-2013-0222, CVE-2013-0223
Mitre: CVE-2013-0221, CVE-2013-0222, CVE-2013-0223
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | coreutils-libs | < 8.4-31.17.amzn1 | coreutils-libs-8.4-31.17.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | coreutils | < 8.4-31.17.amzn1 | coreutils-8.4-31.17.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | coreutils-debuginfo | < 8.4-31.17.amzn1 | coreutils-debuginfo-8.4-31.17.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | coreutils-libs | < 8.4-31.17.amzn1 | coreutils-libs-8.4-31.17.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | coreutils | < 8.4-31.17.amzn1 | coreutils-8.4-31.17.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | coreutils-debuginfo | < 8.4-31.17.amzn1 | coreutils-debuginfo-8.4-31.17.amzn1.x86_64.rpm |
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.026 Low
EPSS
Percentile
90.3%