#5417 closed enhancement (fixed)

Fix CVE-2024-0684 in Coreutils (split heap buffer overflow)

Reported by: Douglas R. Reno Owned by: Xi Ruoyao
Priority: high Milestone: 12.1
Component: Book Version: git
Severity: normal Keywords:
Cc:

Description

I noticed this on oss-security, see https://seclists.org/oss-sec/2024/q1/30

To fix it, we'll need to apply https://github.com/coreutils/coreutils/commit/c4c5ed8f4e9cd55a12966d4f520e3a13101637d9. This should be doable as a sed

Change History (4)

comment:1 by Xi Ruoyao, 11 months ago

Owner: changed from lfs-book to Xi Ruoyao
Status: newassigned

We have a dozen of tickets now (including 3 security fixes) and Linux 6.7.1 is out. And we better do an update before Feb to settle other things down before new Binutils and Glibc.

comment:2 by Xi Ruoyao, 11 months ago

sed -e '/n_out += n_hold/,+4 s|.*bufsize.*|//&|' -i.orig src/split.c

comment:3 by Xi Ruoyao, 11 months ago

Fixed:

Fix CVE-2024-0684

SA 12.0-075.

comment:4 by Xi Ruoyao, 11 months ago

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.