Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

GNU Coreutils: Buffer Overflow Vulnerability — GLSA 202407-16

A vulnerability has been discovered in Coreutils, which can lead to a heap buffer overflow and possibly aribitrary code execution.

Affected packages

Package sys-apps/coreutils on all architectures
Affected versions < 9.4-r1
Unaffected versions >= 9.4-r1

Background

The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system.

Description

A vulnerability has been discovered in the Coreutils "split" program that can lead to a heap buffer overflow and possibly arbitrary code execution.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Coreutils users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/coreutils-9.4-r1"

References

Release date
July 05, 2024

Latest revision
July 05, 2024: 1

Severity
high

Exploitable
local

Bugzilla entries