Amazon Linux 1 Security Advisory: ALAS-2013-261
Advisory Release Date: 2013-12-11 20:34 Pacific
Advisory Updated Date: 2014-09-16 22:10 Pacific
Severity:
Low
References:
CVE-2013-0221
CVE-2013-0222
CVE-2013-0223
RHSA-2013-1652
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
It was discovered that the sort, uniq, and join utilities did not properly restrict the use of the alloca() function. An attacker could use this flaw to crash those utilities by providing long input strings. (CVE-2013-0221, CVE-2013-0222, CVE-2013-0223)
Affected Packages:
coreutils
Issue Correction:
Run yum update coreutils to update your system.
New Packages:
i686:
coreutils-libs-8.4-31.17.amzn1.i686
coreutils-8.4-31.17.amzn1.i686
coreutils-debuginfo-8.4-31.17.amzn1.i686
src:
coreutils-8.4-31.17.amzn1.src
x86_64:
coreutils-libs-8.4-31.17.amzn1.x86_64
coreutils-8.4-31.17.amzn1.x86_64
coreutils-debuginfo-8.4-31.17.amzn1.x86_64