SUSE-SU-2015:1637-1

Published: 14 Sep 2015
Source: suse-cvrf

Description

Security update for coreutils

This update for coreutils provides the following fixes:

  • Fix memory handling error with case insensitive sort using UTF-8. (CVE-2015-4041, CVE-2015-4042)
  • Ensure 'df -a' shows all remote file system entries.
  • Only suppress remote mounts of separate exports with 'df --total'.
  • Document that 'df -a' might list duplicated file systems.
  • Adjust references to info nodes in man pages.

Package list

SUSE Linux Enterprise Desktop 12
  • coreutils-8.22-9.1
  • coreutils-lang-8.22-9.1
SUSE Linux Enterprise Server 12
  • coreutils-8.22-9.1
  • coreutils-lang-8.22-9.1
SUSE Linux Enterprise Server for SAP Applications 12
  • coreutils-8.22-9.1
  • coreutils-lang-8.22-9.1

Description

The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.


Affected products
SUSE Linux Enterprise Desktop 12:coreutils-8.22-9.1
SUSE Linux Enterprise Desktop 12:coreutils-lang-8.22-9.1
SUSE Linux Enterprise Server 12:coreutils-8.22-9.1
SUSE Linux Enterprise Server 12:coreutils-lang-8.22-9.1

References

Description

Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.


Affected products
SUSE Linux Enterprise Desktop 12:coreutils-8.22-9.1
SUSE Linux Enterprise Desktop 12:coreutils-lang-8.22-9.1
SUSE Linux Enterprise Server 12:coreutils-8.22-9.1
SUSE Linux Enterprise Server 12:coreutils-lang-8.22-9.1

References