grep: Denial of Service — GLSA 201502-14

A vulnerability in grep could result in Denial of Service.

Affected Packages

sys-apps/grep on all architectures
Affected versions < 2.21-r1
Unaffected versions >= 2.21-r1

Background

grep is the GNU regular expression matcher.

Description

A heap buffer overrun has been fixed in the bmexec_trans function in kwset.c.

Impact

A local user can cause Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All grep users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/grep-2.21-r1"
 

References

Release Date
February 25, 2015

Latest Revision
February 25, 2015: 1

Severity
normal

Exploitable
local

Bugzilla entries