Bug 903465 (CVE-2013-0222)
Summary: | CVE-2013-0222 coreutils: segfault in uniq with long line input
---|---
Product: | [Other] Security Response
Component: | vulnerability
Reporter: | Vincent Danen <vdanen>
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA
Severity: | low
Priority: | low
Version: | unspecified
CC: | admiller, btotty, jrusnack, kdudka, kzak, ovasik, p, twaugh
Keywords: | Security
Hardware: | All
OS: | Linux
Doc Type: | Bug Fix
Last Closed: | 2015-03-05 13:02:59 UTC
Bug Depends On: | 903468, 1015019
Bug Blocks: | 974906

Description
Vincent Danen
2013-01-24 03:49:52 UTC
Created coreutils tracking bugs for this issue
Affects: fedora-all [bug 903468]

Thanks Vincent, but fedora-all is not really true, I already fixed the issue in Rawhide...
coreutils-8.20-6.fc19
- fix multiple segmentation faults in i18n patch (by SUSE) (#869442, #902917)
Should I just close the bugzillas reported by you as duplicates of #902917/#869442?
Btw. all RHELs are affected as well, they use the vulnerable alloca constructs as well...

Well, we're not as concerned with Rawhide as we are with released versions. So unless it's fixed in Fedora 17 and 18, the fedora-all tracker should remain open. Once they are fixed there, feel free to close it via the regular process.
For RHEL, we know they are affected. See #c0's statement regarding how we are deferring the fix (low-impact flaw).

coreutils-8.17-8.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:1652 https://rhn.redhat.com/errata/RHSA-2013-1652.html