2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
The coreutils package contains the core GNU utilities. It is a combination of the old GNU fileutils, sh-utils, and textutils packages. It was discovered that the sort, uniq, and join utilities did not properly restrict the use of the alloca() function. An attacker could use this flaw to crash those utilities by providing long input strings. (CVE-2013-0221, CVE-2013-0222, CVE-2013-0223) These updated coreutils packages include numerous bug fixes and two enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All coreutils users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
rhn.redhat.com/errata/RHSA-2013-1652.html
access.redhat.com/errata/RHSA-2013:1652
access.redhat.com/security/cve/CVE-2013-0222
access.redhat.com/security/updates/classification/#low
access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/coreutils.html#RHSA-2013-1652
bugzilla.novell.com/show_bug.cgi?id=796243
bugzilla.redhat.com/show_bug.cgi?id=747592
bugzilla.redhat.com/show_bug.cgi?id=816708
bugzilla.redhat.com/show_bug.cgi?id=827199
bugzilla.redhat.com/show_bug.cgi?id=836557
bugzilla.redhat.com/show_bug.cgi?id=842040
bugzilla.redhat.com/show_bug.cgi?id=903465
bugzilla.redhat.com/show_bug.cgi?id=908980
bugzilla.redhat.com/show_bug.cgi?id=965654
bugzilla.redhat.com/show_bug.cgi?id=980061
build.opensuse.org/request/show/149348#diff_headline_coreutils-i18n-patch_diff_action_0_submit_0_19
rhn.redhat.com/errata/RHSA-2013-1652.html