Amazon Linux 1 Security Advisory: ALAS-2013-261
Advisory Release Date: 2013-12-11 20:34 Pacific
Advisory Updated Date: 2014-09-16 22:10 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
It was discovered that the sort, uniq, and join utilities did not properly restrict the use of the alloca() function. An attacker could use this flaw to crash those utilities by providing long input strings. (CVE-2013-0221, CVE-2013-0222, CVE-2013-0223)
Affected Packages:
coreutils
Issue Correction:
Run yum update coreutils to update your system.
i686:
coreutils-libs-8.4-31.17.amzn1.i686
coreutils-8.4-31.17.amzn1.i686
coreutils-debuginfo-8.4-31.17.amzn1.i686
src:
coreutils-8.4-31.17.amzn1.src
x86_64:
coreutils-libs-8.4-31.17.amzn1.x86_64
coreutils-8.4-31.17.amzn1.x86_64
coreutils-debuginfo-8.4-31.17.amzn1.x86_64