Red Hat Bugzilla – Full Text Bug Listing
|Summary:||CVE-2013-0221 coreutils: segfault in "sort -d" and "sort -M" with long line input|
|Product:||[Other] Security Response||Reporter:||Vincent Danen <vdanen>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED ERRATA||QA Contact:|
|Version:||unspecified||CC:||admiller, btotty, jrusnack, kdudka, kzak, ovasik, p, twaugh|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2015-03-05 08:03:22 EST||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:||903468, 1015019|
Description Vincent Danen 2013-01-23 22:46:38 EST
It was reported that the sort command suffered from a segfault when processing input streams that contained extremely long strings when used with the -d and -M switches. This flaw is due to the inclusion of the coreutils-i18n.patch. SUSE has fixed this by fixing the patch. The changes can be seen here. (There is probably a better place to get the patch, but I don't know where.)

https://bugzilla.novell.com/show_bug.cgi?id=798538
https://build.opensuse.org/request/show/149348#diff_headline_coreutils-i18n-patch_diff_action_0_submit_0_19

Statement: (none)
Comment 1 Vincent Danen 2013-01-23 22:54:22 EST
Created coreutils tracking bugs for this issue
Affects: fedora-all [bug 903468]
Comment 2 Ondrej Vasik 2013-01-24 10:58:04 EST
Thanks Vincent, but fedora-all is not really true, I already fixed the issue in Rawhide...
- fix multiple segmentation faults in i18n patch (by SUSE) (#869442, #902917)
Should I just close the bugzillas reported by you as duplicates of #902917/#869442?
Btw. all RHELs are affected as well, they use the vulnerable alloca constructs as well...
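The "vulnerable alloca constructs" mentioned above come down to sizing stack scratch space from the length of an input line. The following added example is not code from coreutils, the i18n patch or the SUSE fix: it shows a dictionary-order key comparison that only uses the stack below a fixed cap and falls back to a checked heap allocation. The names `dict_filter`, `dict_compare` and `STACK_KEY_MAX` are hypothetical.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap on stack scratch space; larger keys go to the heap. */
#define STACK_KEY_MAX 4096

/* Copy only the bytes "sort -d" considers: blanks and alphanumerics. */
static void dict_filter(char *dst, const char *src, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (isalnum(c) || isblank(c))
            dst[n++] = (char)c;
    }
    dst[n] = '\0';
}

/* Unsafe pattern, shown only as a comment and never executed here:
 *     char *copy = alloca(lena + 1 + lenb + 1);
 * alloca() has no failure return. With a very long line the request
 * exceeds the stack limit and the first write to the buffer faults. */

/* Hardened form: bounded stack buffer, checked malloc for long keys.
 * Returns <0, 0 or >0 like strcmp; sets *err to 1 if it cannot allocate. */
int dict_compare(const char *a, size_t lena,
                 const char *b, size_t lenb, int *err)
{
    char stackbuf[STACK_KEY_MAX];
    char *buf = stackbuf;
    int result;

    *err = 0;
    /* Refuse lengths whose sum (plus two terminators) would wrap size_t. */
    if (lenb > SIZE_MAX - 2 || lena > SIZE_MAX - 2 - lenb) {
        *err = 1;
        return 0;
    }
    size_t need = lena + 1 + lenb + 1;
    if (need > sizeof stackbuf && (buf = malloc(need)) == NULL) {
        *err = 1;
        return 0;
    }
    dict_filter(buf, a, lena);              /* filtered copy of key a */
    dict_filter(buf + lena + 1, b, lenb);   /* filtered copy of key b */
    result = strcmp(buf, buf + lena + 1);
    if (buf != stackbuf)
        free(buf);
    return result;
}
```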
Comment 3 Vincent Danen 2013-01-29 18:30:04 EST
Well, we're not as concerned with Rawhide as we are with released versions. So unless it's fixed in Fedora 17 and 18, the fedora-all tracker should remain open. Once they are fixed there, feel free to close it via the regular process. For RHEL, we know they are affected. See #c0's statement regarding how we are deferring the fix (low-impact flaw).
Comment 4 Fedora Update System 2013-02-01 11:28:04 EST
coreutils-8.17-8.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.