Security update for coreutils SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02353-1 Final 1 1 2025-07-17T12:35:46Z current 2025-07-17T12:35:46Z 2025-07-17T12:35:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for coreutils This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/ltss/sle12.5/sles12sp5:latest-2025-2353,SUSE-2025-2353,SUSE-SLE-SERVER-12-SP5-LTSS-2025-2353,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2353 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502353-1/ Link for SUSE-SU-2025:02353-1 https://lists.suse.com/pipermail/sle-updates/2025-July/040761.html E-Mail link for SUSE-SU-2025:02353-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1243767 SUSE Bug 1243767 https://www.suse.com/security/cve/CVE-2025-5278/ SUSE CVE CVE-2025-5278 page Container suse/ltss/sle12.5/sles12sp5:latest SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 coreutils-8.25-13.19.1 coreutils-lang-8.25-13.19.1 coreutils-testsuite-8.25-13.19.1 coreutils-8.25-13.19.1 as a component of Container suse/ltss/sle12.5/sles12sp5:latest coreutils-8.25-13.19.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS coreutils-lang-8.25-13.19.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS coreutils-8.25-13.19.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 coreutils-lang-8.25-13.19.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data. CVE-2025-5278 Container suse/ltss/sle12.5/sles12sp5:latest:coreutils-8.25-13.19.1 SUSE Linux Enterprise Server 12 SP5-LTSS:coreutils-8.25-13.19.1 SUSE Linux Enterprise Server 12 SP5-LTSS:coreutils-lang-8.25-13.19.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:coreutils-8.25-13.19.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:coreutils-lang-8.25-13.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502353-1/ https://www.suse.com/security/cve/CVE-2025-5278.html CVE-2025-5278 https://bugzilla.suse.com/1243767 SUSE Bug 1243767