Summary: | <sys-apps/grep-2.12: Arbitrary command execution (CVE-2012-5667) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | taaroa <taaroa> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | major | CC: | andreis.vinogradovs |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://lists.gnu.org/archive/html/bug-grep/2012-12/msg00004.html | | |
Whiteboard: | A2 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 436692 | | |
Bug Blocks: | | | |

Description
taaroa
2012-12-23 03:49:34 UTC
2.14 has already gone stable

although, I'd also point out grep 2.12 has been stable since ~August

(In reply to comment #1)
> 2.14 has already gone stable

Yes. The purpose of the bugreport is to track the issue and to send the glsa. @security, please file the request.

New GLSA request filed.

*** Bug 448708 has been marked as a duplicate of this bug. ***

CVE-2012-5667 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5667): Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.

This issue was resolved and addressed in GLSA 201403-07 at http://security.gentoo.org/glsa/glsa-201403-07.xml by GLSA coordinator Mikle Kolyada (Zlogene).