Bugzilla – Bug 911832
VUL-0: CVE-2014-9471: coreutils: memory corruption flaw in parse_datetime()
Last modified: 2015-05-19 13:43:51 UTC
CVE-2014-9471

A memory corruption flaw was reported in parse_datetime(). If an application using parse_datetime(), such as touch or date, accepted untrusted input, it could cause the application to crash or, potentially, execute arbitrary code.

References:
http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872 (proposed patch)
http://seclists.org/oss-sec/2014/q4/782
https://bugzilla.redhat.com/show_bug.cgi?id=1167548
bugbot adjusting priority
debbugs.gnu.org doesn't respond, so I'll have to wait to get the proposed patch, unless someone does have that patch.
Probably those are the needed patches?
http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872
http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872
I already have the patch. It was just a hiccup in our network.
reproducers:
$ touch '--date=TZ="123"345" @1'
$ date '--date=TZ="123"345" @1'
SLE-11-SP3 is vulnerable as I could test with the reproducers:
vpereira@bragg:~> date '--date=TZ="123"345" @1'
Segmentation fault
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-02-27. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/60668
Packages submitted.
(In reply to Philipp Thomas from comment #14)
> Packages submitted.
Thank you for the submission. Assigning back to security team.
SUSE-SU-2015:0792-1: An update that solves one vulnerability and has one errata is now available.
Category: security (moderate)
Bug References: 911832,919809
CVE References: CVE-2014-9471
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src): coreutils-8.12-6.25.32.33.1
SUSE Linux Enterprise Server 11 SP3 (src): coreutils-8.12-6.25.32.33.1
SUSE Linux Enterprise Desktop 11 SP3 (src): coreutils-8.12-6.25.32.33.1
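
A local check built on the reproducers posted in this report, for confirming that a host's date and touch no longer crash once the updated coreutils package is installed. This is an added example, not part of the bug report or of SUSE's tooling; the function names classify_status, check_cmd and check_all are this example's own.

```shell
#!/bin/sh
# Added example: runs the reproducer argument from this bug report
# (CVE-2014-9471) against local tools and reports whether they crash.

REPRO='--date=TZ="123"345" @1'   # reproducer argument, verbatim from the report

# Map an exit status to a verdict. Shells report death by signal N as 128+N,
# so the "Segmentation fault" seen in the report shows up as status 139.
classify_status() {
    if [ "$1" -gt 128 ]; then
        echo "CRASHED (signal $(( $1 - 128 )))"
    else
        echo "no crash (exit $1)"
    fi
}

# Run one command with the reproducer.
# Returns 0 = no crash, 1 = killed by a signal, 2 = command not found.
check_cmd() {
    if ! command -v "$1" >/dev/null 2>&1; then
        echo "$1: not found"
        return 2
    fi
    st=0
    # Subshell: suppress core dumps and the shell's own crash message.
    ( ulimit -c 0 2>/dev/null; "$1" "$REPRO" ) >/dev/null 2>&1 || st=$?
    echo "$1: $(classify_status "$st")"
    [ "$st" -le 128 ]
}

# Check both programs named in the report; non-zero if either one
# crashed or could not be found.
check_all() {
    bad=0
    for c in date touch; do
        check_cmd "$c" || bad=1
    done
    return "$bad"
}

check_all || echo "parse_datetime() check failed: see the lines above"
```

A fixed build rejects the argument with an ordinary error exit, which the script reports as "no crash"; touch is invoked without a file operand, exactly as in the report, so no file is created.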