Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2015:0792-1

Опубликовано: 16 окт. 2014
Источник: suse-cvrf

Описание

Recommended update for coreutils

This update for coreutils provides the following fixes and enhancements:

* cp(1) could read from freed memory and could even make corrupt copies. This could happen with a very fragmented and sparse input file, on file systems supporting filemap extent scanning. (bnc#892862) * Improve ls(1) efficiency on large directories by caching some system call error codes (ENOTSUP for example) and not calling them again for files in the same device. (bnc#886129)

Список пакетов

SUSE Linux Enterprise Desktop 11 SP3
coreutils-8.12-6.25.31.1
coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3
coreutils-8.12-6.25.31.1
coreutils-lang-8.12-6.25.31.1
coreutils-x86-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
coreutils-8.12-6.25.31.1
coreutils-lang-8.12-6.25.31.1
coreutils-x86-8.12-6.25.31.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
coreutils-8.12-6.25.31.1
coreutils-lang-8.12-6.25.31.1
coreutils-x86-8.12-6.25.31.1

Ссылки

Описание

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Desktop 11 SP3:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-lang-8.12-6.25.31.1
Ссылки

Описание

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Desktop 11 SP3:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-lang-8.12-6.25.31.1
Ссылки

Описание

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Desktop 11 SP3:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-lang-8.12-6.25.31.1
Ссылки

Описание

The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Desktop 11 SP3:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-lang-8.12-6.25.31.1
Ссылки