Upstream information

CVE-2013-0221 at MITRE

Description

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.30
Vector AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entry: 798538 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP2
  • coreutils >= 8.12-6.25.29.1
  • coreutils-lang >= 8.12-6.25.29.1
Patchnames:
sledsp2-coreutils
SUSE Linux Enterprise Desktop 11 SP3
  • coreutils >= 8.12-6.25.29.1
  • coreutils-lang >= 8.12-6.25.29.1
Patchnames:
sledsp3-coreutils
SUSE Linux Enterprise Desktop 12
  • coreutils >= 8.22-5.17
  • coreutils-lang >= 8.22-5.17
Patchnames:
SUSE Linux Enterprise Desktop 12 GA coreutils
SUSE Linux Enterprise Desktop 12 SP1
  • coreutils >= 8.22-9.1
  • coreutils-lang >= 8.22-9.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA coreutils
SUSE Linux Enterprise Desktop 12 SP2
  • coreutils >= 8.25-12.8
  • coreutils-lang >= 8.25-12.8
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA coreutils
SUSE Linux Enterprise Server 11 SP2
  • coreutils >= 8.12-6.25.29.1
  • coreutils-lang >= 8.12-6.25.29.1
  • coreutils-x86 >= 8.12-6.25.29.1
Patchnames:
slessp2-coreutils
SUSE Linux Enterprise Server 11 SP3
  • coreutils >= 8.12-6.25.29.1
  • coreutils-lang >= 8.12-6.25.29.1
  • coreutils-x86 >= 8.12-6.25.29.1
Patchnames:
slessp3-coreutils
SUSE Linux Enterprise Server 11 SP4
  • coreutils >= 8.12-6.25.32.33.1
  • coreutils-lang >= 8.12-6.25.32.33.1
  • coreutils-x86 >= 8.12-6.25.32.33.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA coreutils
SUSE Linux Enterprise Server 12
  • coreutils >= 8.22-5.5
  • coreutils-lang >= 8.22-5.5
Patchnames:
SUSE Linux Enterprise Server 12 GA coreutils
SUSE Linux Enterprise Server 12 SP1
  • coreutils >= 8.22-9.1
  • coreutils-lang >= 8.22-9.1
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA coreutils
SUSE Linux Enterprise Server 12 SP2
  • coreutils >= 8.25-12.8
  • coreutils-lang >= 8.25-12.8
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA coreutils
SUSE Linux Enterprise Server for Rasperry Pi 12 SP2
  • coreutils >= 8.25-12.8
  • coreutils-lang >= 8.25-12.8
Patchnames:
SUSE Linux Enterprise Server for Rasperry Pi 12 SP2 GA coreutils
SUSE Linux Enterprise Server for VMWare 11 SP2
  • coreutils >= 8.12-6.25.29.1
  • coreutils-lang >= 8.12-6.25.29.1
  • coreutils-x86 >= 8.12-6.25.29.1
Patchnames:
slessp2-coreutils
SUSE Linux Enterprise Server for VMWare 11 SP3
  • coreutils >= 8.12-6.25.29.1
  • coreutils-lang >= 8.12-6.25.29.1
  • coreutils-x86 >= 8.12-6.25.29.1
Patchnames:
slessp3-coreutils
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • coreutils >= 8.12-6.25.29.1
  • coreutils-lang >= 8.12-6.25.29.1
Builds
SAT Patch Nr: 8334
SUSE Linux Enterprise Server 11 SP2
  • coreutils >= 8.12-6.25.29.1
  • coreutils-lang >= 8.12-6.25.29.1
  • coreutils-x86 >= 8.12-6.25.29.1
Builds
SAT Patch Nr: 8334
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • coreutils >= 8.12-6.25.29.1
  • coreutils-lang >= 8.12-6.25.29.1
Builds
SAT Patch Nr: 8336
SUSE Linux Enterprise Server 11 SP3
  • coreutils >= 8.12-6.25.29.1
  • coreutils-lang >= 8.12-6.25.29.1
  • coreutils-x86 >= 8.12-6.25.29.1
Builds
SAT Patch Nr: 8336
openSUSE 13.2
  • coreutils >= 8.23-2.3.1
  • coreutils-debuginfo >= 8.23-2.9.1
  • coreutils-debugsource >= 8.23-2.9.1
  • coreutils-lang >= 8.23-2.9.1
  • coreutils-testsuite >= 8.23-2.9.1
Patchnames:
openSUSE 13.2 GA coreutils
openSUSE-2015-381
openSUSE Evergreen 11.4
  • coreutils >= 8.9-23.1
  • coreutils-debuginfo >= 8.9-23.1
  • coreutils-debuginfo-x86 >= 8.9-23.1
  • coreutils-debugsource >= 8.9-23.1
  • coreutils-lang >= 8.9-23.1
  • coreutils-x86 >= 8.9-23.1
Patchnames:
2013-16
openSUSE Leap 42.1
  • coreutils >= 8.22-4.1
  • coreutils-lang >= 8.22-4.1
Patchnames:
openSUSE Leap 42.1 GA coreutils
openSUSE Leap 42.2
  • coreutils >= 8.25-1.4
  • coreutils-lang >= 8.25-1.4
Patchnames:
openSUSE Leap 42.2 GA coreutils
openSUSE Tumbleweed
  • coreutils >= 8.26-1.1
  • coreutils-lang >= 8.26-1.1
  • coreutils-testsuite >= 8.26-1.1
Patchnames:
openSUSE Tumbleweed GA coreutils