coreutils is vulnerable to denial of service. The sort
, uniq
, and join
utilities did not properly restrict the use of the alloca()
function, which allows an attacker to crash those utilities in a stack-based buffer overflow by providing long input strings
rhn.redhat.com/errata/RHSA-2013-1652.html
access.redhat.com/errata/RHSA-2013:1652
access.redhat.com/security/cve/CVE-2013-0221
access.redhat.com/security/updates/classification/#low
access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/coreutils.html#RHSA-2013-1652
bugzilla.novell.com/show_bug.cgi?id=798538
bugzilla.redhat.com/show_bug.cgi?id=747592
bugzilla.redhat.com/show_bug.cgi?id=816708
bugzilla.redhat.com/show_bug.cgi?id=827199
bugzilla.redhat.com/show_bug.cgi?id=836557
bugzilla.redhat.com/show_bug.cgi?id=842040
bugzilla.redhat.com/show_bug.cgi?id=903464
bugzilla.redhat.com/show_bug.cgi?id=908980
bugzilla.redhat.com/show_bug.cgi?id=965654
bugzilla.redhat.com/show_bug.cgi?id=980061
build.opensuse.org/request/show/149348#diff_headline_coreutils-i18n-patch_diff_action_0_submit_0_19
rhn.redhat.com/errata/RHSA-2013-1652.html