Red Hat Bugzilla – Bug 903466
CVE-2013-0223 coreutils: segfault in "join -i" with long line input
Last modified: 2015-03-06 04:08:09 EST
It was reported that the join command suffered from a segfault when processing input streams that contained extremely long strings when used with the -i switch. This flaw is due to the inclusion of the coreutils-i18n.patch.
SUSE has fixed this by fixing the patch. The changes can be seen here. (There is probably a better place to get the patch, but I don't know where).
Created coreutils tracking bugs for this issue
Affects: fedora-all [bug 903468]
Thanks Vincent, but fedora-all is not really true, I already fixed the issue in Rawhide...
- fix multiple segmentation faults in i18n patch (by SUSE) (#869442, #902917)
Should I just close the bugzillas reported by you as duplicates of #902917/#869442?
Btw. all RHELs are affected as well, they use the vulnerable alloca constructs as well...
Well, we're not as concerned with Rawhide as we are with released versions. So unless it's fixed in Fedora 17 and 18, the fedora-all tracker should remain open. Once they are fixed there, feel free to close it via the regular process.
For RHEL, we know they are affected. See #c0's statement regarding how we are deferring the fix (low-impact flaw).
coreutils-8.17-8.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:1652 https://rhn.redhat.com/errata/RHSA-2013-1652.html