The coreutils package contains the core GNU utilities. It is a combination of the old GNU fileutils, sh-utils, and textutils packages. It was discovered that the sort, uniq, and join utilities did not properly restrict the use of the alloca() function. An attacker could use this flaw to crash those utilities by providing long input strings. (CVE-2013-0221, CVE-2013-0222, CVE-2013-0223) These updated coreutils packages include numerous bug fixes and two enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All coreutils users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
rhn.redhat.com/errata/RHSA-2013-1652.html
access.redhat.com/errata/RHSA-2013:1652
access.redhat.com/security/cve/CVE-2013-0223
access.redhat.com/security/updates/classification/#low
access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/coreutils.html#RHSA-2013-1652
bugzilla.novell.com/show_bug.cgi?id=798541
bugzilla.redhat.com/show_bug.cgi?id=747592
bugzilla.redhat.com/show_bug.cgi?id=816708
bugzilla.redhat.com/show_bug.cgi?id=827199
bugzilla.redhat.com/show_bug.cgi?id=836557
bugzilla.redhat.com/show_bug.cgi?id=842040
bugzilla.redhat.com/show_bug.cgi?id=903466
bugzilla.redhat.com/show_bug.cgi?id=908980
bugzilla.redhat.com/show_bug.cgi?id=965654
bugzilla.redhat.com/show_bug.cgi?id=980061
build.opensuse.org/request/show/149348#diff_headline_coreutils-i18n-patch_diff_action_0_submit_0_19
rhn.redhat.com/errata/RHSA-2013-1652.html