grep: User-assisted execution of arbitrary code — GLSA 201403-07

A vulnerability in grep could result in execution of arbitrary code or Denial of Service.

Affected Packages

sys-apps/grep on all architectures
Affected versions < 2.12
Unaffected versions >= 2.12

Background

grep is the GNU regular expression matcher.

Description

An integer overflow flaw has been discovered in grep.

Impact

An attacker could entice a user to run grep on a specially crafted file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All grep users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/grep-2.12"
 

References

Release Date
March 26, 2014

Latest Revision
March 26, 2014: 1

Severity
normal

Exploitable
local, remote

Bugzilla entries