Mageia Bugzilla – Bug 8934
coreutils new security issues CVE-2013-0221, CVE-2013-0222, CVE-2013-0223
Last modified: 2013-02-13 00:53:11 CET
Fedora has issued an advisory on January 25:
These issues are caused by the i18n patch, which we appear to have.
Mageia 2 would also be affected.
It appears the master branch in Fedora git had the exact same i18n patch we do in Cauldron. The updated one for version 8.20 is here:
Fedora 17 has the same coreutils version we do, 8.15. Their i18n patch there was almost exactly the same as ours, but not quite exactly. Here's the updated one for 8.15:
I have committed them to SVN for Mageia 2 and Cauldron, but I'll wait for Thomas to give the go-ahead to push them to the build system.
Looks ok, go ahead and push them...
Fixed packages uploaded for Mageia 2 and Cauldron.
Updated coreutils packages fix security vulnerabilities:
It was reported that the sort command suffered from a segfault when processing
input streams that contained extremely long strings when used with the -d and
-M switches (CVE-2013-0221).
It was reported that the uniq command suffered from a segfault when processing
input streams that contained extremely long strings (CVE-2013-0222).
It was reported that the join command suffered from a segfault when processing
input streams that contained extremely long strings when used with the -i
Updated packages in core/updates_testing:
Tested i586 in VM.
CVE-2013-0221: unable to reproduce bug
CVE-2013-0222 and CVE-2013-0223: bugs reproduced; bugs gone after update.
Could you add the relevant whiteboard keyword please, Carolyn?
Now testing 64-bit.
Testing complete on 64-bit.
All bugs verified before update.
All bugs gone after update.
See comment 3 for advisory and SRPM.
Could sysadmin please push from core/updates_testing to core/updates?