Red Hat Bugzilla – Full Text Bug Listing
|Summary:||CVE-2013-0223 coreutils: segfault in "join -i" with long line input|
|Product:||[Other] Security Response||Reporter:||Vincent Danen <vdanen>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED ERRATA||QA Contact:|
|Version:||unspecified||CC:||admiller, jrusnack, kdudka, kzak, ovasik, p, twaugh|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2015-03-05 08:02:20 EST||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:||903468, 1015019|
Description Vincent Danen 2013-01-23 22:53:11 EST
It was reported that the join command suffered from a segfault when processing input streams that contained extremely long strings when used with the -i switch. This flaw is due to the inclusion of the coreutils-i18n.patch.
SUSE has fixed this by fixing the patch. The changes can be seen here. (There is probably a better place to get the patch, but I don't know where).
https://bugzilla.novell.com/show_bug.cgi?id=798541
https://build.opensuse.org/request/show/149348#diff_headline_coreutils-i18n-patch_diff_action_0_submit_0_19
Statement: (none)
Comment 1 Vincent Danen 2013-01-23 22:54:57 EST
Created coreutils tracking bugs for this issue
Affects: fedora-all [bug 903468]
Comment 2 Ondrej Vasik 2013-01-24 10:58:53 EST
Thanks Vincent, but fedora-all is not really true, I already fixed the issue in Rawhide...
coreutils-8.20-6.fc19 - fix multiple segmentation faults in i18n patch (by SUSE) (#869442, #902917)
Should I just close the bugzillas reported by you as duplicates of #902917/#869442?
Btw. all RHELs are affected as well, they use the vulnerable alloca constructs as well...
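Comment 2 attributes the crashes to alloca constructs in the i18n patch. The C sketch below is an added example, not code from coreutils, the i18n patch or the SUSE fix (none of which is shown on this page); it contrasts an input-sized alloca with a bounded stack buffer plus heap fallback. The function names, STACK_MAX and the byte-wise toupper folding are assumptions made for illustration.

```c
#include <alloca.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define STACK_MAX 4096  /* assumed cap on per-key stack scratch space */
/* Upper-case n bytes of s into dst. */
static void fold(char *dst, const char *s, size_t n) {
    for (size_t i = 0; i < n; i++) dst[i] = (char)toupper((unsigned char)s[i]);
}

/* Order two already-folded keys: <0, 0 or >0, shorter key first on a tie. */
static int order(const char *fa, size_t alen, const char *fb, size_t blen) {
    size_t m = alen < blen ? alen : blen;
    int r = memcmp(fa, fb, m);
    return r ? r : (alen > blen) - (alen < blen);
}

/* Risky pattern (contrast only): scratch size is taken from the input line,
   so a very long line pushes the stack pointer past the stack limit. */
int cmp_nocase_alloca(const char *a, size_t alen, const char *b, size_t blen) {
    char *fa = alloca(alen + 1), *fb = alloca(blen + 1);
    fold(fa, a, alen); fold(fb, b, blen);
    return order(fa, alen, fb, blen);
}

/* Hardened pattern: fixed stack buffers for short keys, heap for long ones.
   Sets *err to 1 (and returns 0) if a heap allocation fails. */
int cmp_nocase_bounded(const char *a, size_t alen, const char *b, size_t blen, int *err) {
    char sa[STACK_MAX], sb[STACK_MAX];
    char *fa = alen <= STACK_MAX ? sa : malloc(alen);
    char *fb = blen <= STACK_MAX ? sb : malloc(blen);
    int r = 0;
    *err = (!fa || !fb);
    if (!*err) {
        fold(fa, a, alen); fold(fb, b, blen);
        r = order(fa, alen, fb, blen);
    }
    if (fa != sa) free(fa);
    if (fb != sb) free(fb);
    return r;
}

int main(void) {                 /* constructed input: two 8 MiB keys */
    size_t n = 8u << 20; int err;
    char *x = malloc(n), *y = malloc(n);
    if (!x || !y) return 2;
    memset(x, 'a', n); memset(y, 'A', n);
    return cmp_nocase_bounded(x, n, y, n, &err) != 0 || err;
}
```

The bounded version keeps stack use constant regardless of line length, so an oversized key ends in a heap allocation or a reported error instead of a crash.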
Comment 3 Vincent Danen 2013-01-29 18:30:54 EST
Well, we're not as concerned with Rawhide as we are with released versions. So unless it's fixed in Fedora 17 and 18, the fedora-all tracker should remain open. Once they are fixed there, feel free to close it via the regular process. For RHEL, we know they are affected. See #c0's statement regarding how we are deferring the fix (low-impact flaw).
Comment 4 Fedora Update System 2013-02-01 11:28:21 EST
coreutils-8.17-8.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.