MiracleLinux 4 : coreutils-8.4-31.2.0.1.AXS4 (AXSA:2014-028:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-028:01 advisory. These are the GNU core utilities. This package is the combination of the old GNU fileutils, sh-utils, and textutils packages. Security issues fixed...

EUVD-2013-0256

Malware in sbrugna...

K16859: SUSE coreutils vulnerabilities CVE-2013-0221, CVE-2013-0222, and CVE-2013-0223

Security Advisory Description CVE-2013-0221 The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service segmentation fault and crash via a long string to the sort command, when using the 1 -d or 2 -M switch, which triggers a stack-based buffer...

SUSE CVE-2013-0222

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service segmentation fault and crash via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function...

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command which triggers a stack-based buffer overflow in the alloca function.

...

CVE-2013-0222

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service segmentation fault and crash via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function...

sort, uniq, join utilities resources exhaustion

Resources exhaustion on oversized string...