Solution
Please Install the Updated Packages.
Insight
The coreutils package contains the core GNU utilities. It is a combination of the old GNU fileutils, sh-utils, and textutils packages.
It was discovered that the sort, uniq, and join utilities did not properly restrict the use of the alloca() function. An attacker could use this flaw to crash those utilities by providing long input strings. (CVE-2013-0221, CVE-2013-0222, CVE-2013-0223)
These updated coreutils packages include numerous bug fixes and two enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.
All coreutils users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
Affected
coreutils on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-0221, CVE-2013-0222, CVE-2013-0223 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities