ALAS-2013-261


Amazon Linux AMI Security Advisory: ALAS-2013-261
Advisory Release Date: 2014-09-16 22:10 Pacific
Severity: Low

Issue Overview:

It was discovered that the sort, uniq, and join utilities did not properly restrict the use of the alloca() function. An attacker could use this flaw to crash those utilities by providing long input strings. (CVE-2013-0221 , CVE-2013-0222 , CVE-2013-0223 )


Affected Packages:

coreutils


Issue Correction:
Run yum update coreutils to update your system.

New Packages:
i686:
    coreutils-libs-8.4-31.17.amzn1.i686
    coreutils-8.4-31.17.amzn1.i686
    coreutils-debuginfo-8.4-31.17.amzn1.i686

src:
    coreutils-8.4-31.17.amzn1.src

x86_64:
    coreutils-libs-8.4-31.17.amzn1.x86_64
    coreutils-8.4-31.17.amzn1.x86_64
    coreutils-debuginfo-8.4-31.17.amzn1.x86_64