Recommended update for coreutils
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2015:0792-1
Final
1
1
2014-10-16T23:59:36Z
current
2014-10-16T23:59:36Z
2014-10-16T23:59:36Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Recommended update for coreutils
This update for coreutils provides the following fixes and enhancements:
* cp(1) could read from freed memory and could even make corrupt
copies. This could happen with a very fragmented and sparse input
file, on file systems supporting filemap extent scanning.
(bnc#892862)
* Improve ls(1) efficiency on large directories by caching some system
call error codes (ENOTSUP for example) and not calling them again for
files in the same device. (bnc#886129)
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
sledsp3-coreutils,slessp3-coreutils
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2015/suse-su-20150792-1/
Link for SUSE-SU-2015:0792-1
https://lists.suse.com/pipermail/sle-security-updates/2015-April/001364.html
E-Mail link for SUSE-SU-2015:0792-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/796243
SUSE Bug 796243
https://bugzilla.suse.com/798538
SUSE Bug 798538
https://bugzilla.suse.com/798541
SUSE Bug 798541
https://bugzilla.suse.com/886129
SUSE Bug 886129
https://bugzilla.suse.com/892862
SUSE Bug 892862
https://bugzilla.suse.com/911832
SUSE Bug 911832
https://bugzilla.suse.com/919809
SUSE Bug 919809
https://www.suse.com/security/cve/CVE-2013-0221/
SUSE CVE CVE-2013-0221 page
https://www.suse.com/security/cve/CVE-2013-0222/
SUSE CVE CVE-2013-0222 page
https://www.suse.com/security/cve/CVE-2013-0223/
SUSE CVE CVE-2013-0223 page
https://www.suse.com/security/cve/CVE-2014-9471/
SUSE CVE CVE-2014-9471 page
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server for SAP Applications 11 SP3
coreutils-8.12-6.25.31.1
coreutils-lang-8.12-6.25.31.1
coreutils-x86-8.12-6.25.31.1
coreutils-8.12-6.25.31.1 as a component of SUSE Linux Enterprise Desktop 11 SP3
coreutils-lang-8.12-6.25.31.1 as a component of SUSE Linux Enterprise Desktop 11 SP3
coreutils-8.12-6.25.31.1 as a component of SUSE Linux Enterprise Server 11 SP3
coreutils-lang-8.12-6.25.31.1 as a component of SUSE Linux Enterprise Server 11 SP3
coreutils-x86-8.12-6.25.31.1 as a component of SUSE Linux Enterprise Server 11 SP3
coreutils-8.12-6.25.31.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA
coreutils-lang-8.12-6.25.31.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA
coreutils-x86-8.12-6.25.31.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA
coreutils-8.12-6.25.31.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3
coreutils-lang-8.12-6.25.31.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3
coreutils-x86-8.12-6.25.31.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.
CVE-2013-0221
SUSE Linux Enterprise Desktop 11 SP3:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Desktop 11 SP3:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-x86-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3:coreutils-x86-8.12-6.25.31.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:coreutils-x86-8.12-6.25.31.1
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20150792-1/
https://www.suse.com/security/cve/CVE-2013-0221.html
CVE-2013-0221
https://bugzilla.suse.com/798538
SUSE Bug 798538
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.
CVE-2013-0222
SUSE Linux Enterprise Desktop 11 SP3:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Desktop 11 SP3:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-x86-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3:coreutils-x86-8.12-6.25.31.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:coreutils-x86-8.12-6.25.31.1
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20150792-1/
https://www.suse.com/security/cve/CVE-2013-0222.html
CVE-2013-0222
https://bugzilla.suse.com/796243
SUSE Bug 796243
https://bugzilla.suse.com/798538
SUSE Bug 798538
https://bugzilla.suse.com/798541
SUSE Bug 798541
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.
CVE-2013-0223
SUSE Linux Enterprise Desktop 11 SP3:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Desktop 11 SP3:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-x86-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3:coreutils-x86-8.12-6.25.31.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:coreutils-x86-8.12-6.25.31.1
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20150792-1/
https://www.suse.com/security/cve/CVE-2013-0223.html
CVE-2013-0223
https://bugzilla.suse.com/798538
SUSE Bug 798538
https://bugzilla.suse.com/798541
SUSE Bug 798541
The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.
CVE-2014-9471
SUSE Linux Enterprise Desktop 11 SP3:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Desktop 11 SP3:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:coreutils-x86-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server 11 SP3:coreutils-x86-8.12-6.25.31.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:coreutils-8.12-6.25.31.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:coreutils-lang-8.12-6.25.31.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:coreutils-x86-8.12-6.25.31.1
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20150792-1/
https://www.suse.com/security/cve/CVE-2014-9471.html
CVE-2014-9471
https://bugzilla.suse.com/911832
SUSE Bug 911832