Bug 798541 (CVE-2013-0223)

Summary:	VUL-1: CVE-2013-0223: coreutils: segmentation fault in "join -i" with long line input
Product:	[openSUSE] openSUSE 12.2	Reporter:	Forgotten User m4H6SeH0_b <forgotten_m4H6SeH0_b>
Component:	Security	Assignee:	Security Team bot <security-team>
Status:	RESOLVED FIXED	QA Contact:	E-mail List <qa-bugs>
Severity:	Normal
Priority:	P3 - Medium	CC:	mail, meissner, pth, security-team, wolfgang
Version:	Final
Target Milestone:	---
Hardware:	x86-64
OS:	openSUSE 12.2
Whiteboard:	maint:released:sle11-sp3:54067 maint:released:sle11-sp1:54065 maint:released:sle10-sp3:62364
Found By:	---	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---
Bug Depends on:	796243
Bug Blocks:	798538
Deadline:	2013-08-28

Description Forgotten User m4H6SeH0_b 2013-01-15 14:43:37 UTC

+++ This bug was initially created as a clone of Bug #796243 +++

"join -i" crashes if input stream contains very long strings

% perl -e 'print "1","A"x50000000,"\r\n\r\n"' > /tmp/test.txt
% join -i /tmp/test.txt /tmp/test.txt
[1]    13579 segmentation fault  join -i /tmp/test.txt /tmp/test.txt
% rm /tmp/test.txt

Depending on the stack size the string can be as short as ~10MB (in the above example 50MB)

Reproducible: Always

Steps to Reproduce:
1. see above
Actual Results:  
crash

Expected Results:  
no crash

Comment 1 Sebastian Krahmer 2013-01-16 13:30:58 UTC

Probably enough to fix it in Factory.

Comment 2 Bernhard Voelker 2013-01-21 08:36:15 UTC

Fixed in Base:System, submitted to Factory:
https://build.opensuse.org/request/show/149348

Fixes for openSUSE:Maintenance pending.

Comment 3 Matthias Weckbecker 2013-01-23 11:58:18 UTC

CVE-2013-0223 was assigned to this.

Comment 4 Bernhard Voelker 2013-01-23 12:34:15 UTC

Maintenance requests created:

11.4:
https://build.opensuse.org/request/show/149689

12.1:
https://build.opensuse.org/request/show/149691

12.2:
https://build.opensuse.org/request/show/149694

Comment 5 Wolfgang Rosenauer 2013-01-26 09:01:50 UTC

Bernhard, thanks for the 11.4 submit. As 11.4 is not running the very same update process anymore it would be very helpful if you could recreate the request for Evergreen 11.4.
Please see the description here:
http://en.opensuse.org/openSUSE:Evergreen#Version_11.4_and_higher

Comment 6 Bernhard Wiedemann 2013-01-26 19:00:28 UTC

This is an autogenerated message for OBS integration:
This bug (798541) was mentioned in
https://build.opensuse.org/request/show/150013 Maintenance /

Comment 7 Bernhard Wiedemann 2013-01-26 20:00:29 UTC

This is an autogenerated message for OBS integration:
This bug (798541) was mentioned in
https://build.opensuse.org/request/show/150015 Maintenance /

Comment 8 Bernhard Wiedemann 2013-01-26 21:00:32 UTC

This is an autogenerated message for OBS integration:
This bug (798541) was mentioned in
https://build.opensuse.org/request/show/150025 Maintenance /

Comment 9 Swamp Workflow Management 2013-02-04 13:05:05 UTC

openSUSE-SU-2013:0232-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 796243,798538,798541
CVE References: CVE-2013-0221,CVE-2013-0222,CVE-2013-0223
Sources used:
openSUSE 12.1 (src):    coreutils-8.14-3.19.1

Comment 10 Swamp Workflow Management 2013-02-04 13:05:37 UTC

openSUSE-SU-2013:0233-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 796243,798538,798541
CVE References: CVE-2013-0221,CVE-2013-0222,CVE-2013-0223
Sources used:
openSUSE 12.2 (src):    coreutils-8.16-5.12.1

Comment 11 Swamp Workflow Management 2013-02-04 14:04:51 UTC

openSUSE-SU-2013:0237-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 796243,798538,798541
CVE References: CVE-2013-0221,CVE-2013-0222,CVE-2013-0223
Sources used:
openSUSE 11.4 (src):    coreutils-8.9-23.1

Comment 12 Marcus Meissner 2013-03-19 13:27:08 UTC

Please submit with the current coreutils update for SLE11

Comment 13 Philipp Thomas 2013-08-09 14:27:34 UTC

Fixes for SLE11-SP! and SLE11-SP2 submitted as SRs 28314 and 28315

Comment 15 Swamp Workflow Management 2013-08-14 06:21:26 UTC

The SWAMPID for this issue is 54064.
This issue was rated as moderate.
Please submit fixed packages until 2013-08-28.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.

Comment 16 Philipp Thomas 2013-08-19 13:14:06 UTC

Packages for SLE where submitted

Comment 17 Philipp Thomas 2013-08-19 13:40:04 UTC

Reopen to reassign

Comment 18 Swamp Workflow Management 2013-09-25 14:50:10 UTC

Update released for: coreutils, coreutils-debuginfo, coreutils-debuginfo-x86, coreutils-debugsource, coreutils-lang, coreutils-x86
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)

Comment 19 Swamp Workflow Management 2013-09-25 14:55:50 UTC

Update released for: coreutils, coreutils-debuginfo, coreutils-debuginfo-x86, coreutils-debugsource, coreutils-lang, coreutils-x86
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)

Comment 20 Swamp Workflow Management 2013-09-26 09:05:08 UTC

Update released for: coreutils, coreutils-debuginfo, coreutils-debugsource, coreutils-lang
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)

Comment 21 Marcus Meissner 2013-10-01 15:08:38 UTC

released