Security update for coreutils
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2015:1637-1
Final
1
1
2015-09-14T17:05:48Z
current
2015-09-14T17:05:48Z
2015-09-14T17:05:48Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for coreutils
This update for coreutils provides the following fixes:
- Fix memory handling error with case-insensitive sort using UTF-8. (CVE-2015-4041, CVE-2015-4042)
- Ensure 'df -a' shows all remote file system entries.
- Only suppress remote mounts of separate exports with 'df --total'.
- Document that 'df -a' might list duplicated file systems.
- Adjust references to info nodes in man pages.
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-DESKTOP-12-2015-599,SUSE-SLE-SERVER-12-2015-599
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2015/suse-su-20151637-1/
Link for SUSE-SU-2015:1637-1
https://lists.suse.com/pipermail/sle-security-updates/2015-September/001604.html
E-Mail link for SUSE-SU-2015:1637-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/866010
SUSE Bug 866010
https://bugzilla.suse.com/901905
SUSE Bug 901905
https://bugzilla.suse.com/907290
SUSE Bug 907290
https://bugzilla.suse.com/921559
SUSE Bug 921559
https://bugzilla.suse.com/928749
SUSE Bug 928749
https://bugzilla.suse.com/930565
SUSE Bug 930565
https://bugzilla.suse.com/933396
SUSE Bug 933396
https://www.suse.com/security/cve/CVE-2015-4041/
SUSE CVE CVE-2015-4041 page
https://www.suse.com/security/cve/CVE-2015-4042/
SUSE CVE CVE-2015-4042 page
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
coreutils-8.22-9.1
coreutils-lang-8.22-9.1
coreutils-8.22-9.1 as a component of SUSE Linux Enterprise Desktop 12
coreutils-lang-8.22-9.1 as a component of SUSE Linux Enterprise Desktop 12
coreutils-8.22-9.1 as a component of SUSE Linux Enterprise Server 12
coreutils-lang-8.22-9.1 as a component of SUSE Linux Enterprise Server 12
coreutils-8.22-9.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
coreutils-lang-8.22-9.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.
CVE-2015-4041
SUSE Linux Enterprise Desktop 12:coreutils-8.22-9.1
SUSE Linux Enterprise Desktop 12:coreutils-lang-8.22-9.1
SUSE Linux Enterprise Server 12:coreutils-8.22-9.1
SUSE Linux Enterprise Server 12:coreutils-lang-8.22-9.1
SUSE Linux Enterprise Server for SAP Applications 12:coreutils-8.22-9.1
SUSE Linux Enterprise Server for SAP Applications 12:coreutils-lang-8.22-9.1
moderate
To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20151637-1/
https://www.suse.com/security/cve/CVE-2015-4041.html
CVE-2015-4041
https://bugzilla.suse.com/928749
SUSE Bug 928749
Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.
CVE-2015-4042
SUSE Linux Enterprise Desktop 12:coreutils-8.22-9.1
SUSE Linux Enterprise Desktop 12:coreutils-lang-8.22-9.1
SUSE Linux Enterprise Server 12:coreutils-8.22-9.1
SUSE Linux Enterprise Server 12:coreutils-lang-8.22-9.1
SUSE Linux Enterprise Server for SAP Applications 12:coreutils-8.22-9.1
SUSE Linux Enterprise Server for SAP Applications 12:coreutils-lang-8.22-9.1
moderate
To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20151637-1/
https://www.suse.com/security/cve/CVE-2015-4042.html
CVE-2015-4042
https://bugzilla.suse.com/1167100
SUSE Bug 1167100
https://bugzilla.suse.com/928749
SUSE Bug 928749