Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 15 May 2015 01:39:27 +0100
From: Pádraig Brady <>
Subject: coreutils sort heap overflow

FYI on distros with the coreutils i18n patch applied
(Suse/RHEL/Fedora/...) a heap overflow can be triggered in sort(1) as per:

The following should be the simplest way to trigger this on affected distros:
(note the error is not generated 100% of the time):

  printf '%s\n' a ɑ | MALLOC_CHECK_=1 LC_ALL=en_US.utf8 sort -f

Note in UTF8 only a few chars are converted to longer sequences,
so the values that can be written are restricted.

There is also a theoretical buffer overflow with data around SIZE_MAX/2.

Both issues are fixed at:
The fix is public as the bug is already public.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ