Описание
Security update for coreutils
This update for coreutils fixes the following issues:
- CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767)
Список пакетов
Container suse/ltss/sle12.5/sles12sp5:latest
coreutils-8.25-13.19.1
SUSE Linux Enterprise Server 12 SP5-LTSS
coreutils-8.25-13.19.1
coreutils-lang-8.25-13.19.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
coreutils-8.25-13.19.1
coreutils-lang-8.25-13.19.1
Ссылки
- Link for SUSE-SU-2025:02353-1
- E-Mail link for SUSE-SU-2025:02353-1
- SUSE Security Ratings
- SUSE Bug 1243767
- SUSE CVE CVE-2025-5278 page
Описание
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:coreutils-8.25-13.19.1
SUSE Linux Enterprise Server 12 SP5-LTSS:coreutils-8.25-13.19.1
SUSE Linux Enterprise Server 12 SP5-LTSS:coreutils-lang-8.25-13.19.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:coreutils-8.25-13.19.1
Ссылки
- CVE-2025-5278
- SUSE Bug 1243767