Bugzilla – Bug 914695
VUL-0: CVE-2015-1345: grep: -F heap buffer overrun
Last modified: 2015-02-10 09:15:23 UTC
rh#1185440 It was reported [1] that invoking grep with a carefully crafted combination of input and regexp can cause a segfault and/or reading from uninitialized memory. Upstream bugreport: http://bugs.gnu.org/19563 Upstream fix: http://git.sv.gnu.org/cgit/grep.git/commit/?id=83a95bd8c8561875b948cadd417c653dbe7ef2e2 References: https://bugzilla.redhat.com/show_bug.cgi?id=1183651 https://bugzilla.redhat.com/show_bug.cgi?id=1185440 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1345 http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1345.html
This is an autogenerated message for OBS integration: This bug (914695) was mentioned in https://build.opensuse.org/request/show/282841 Factory / grep
bugbot adjusting priority
openSUSE-SU-2015:0243-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 914695 CVE References: CVE-2015-1345 Sources used: openSUSE 13.2 (src): grep-2.20-2.4.1