RHBA-2005:544 - Bug Fix Advisory

Topic

An updated coreutils package that fixes several bugs is now available.

Description

The coreutils package contains core GNU utilities. It is the combination
of the old GNU fileutils, sh-utils, and textutils packages.

Several bugs have been fixed:

The cp(1) command produced incorrect behavior when using the -f switch and
operating on hardlinks in some situations.

The cp(1) option to remove destination files when they cannot be opened
(-f) was causing the option to prompt before overwriting (-i) to be ignored.

The cut(1) command would not always correctly process multiple input files.

The join(1) command behaved incorrectly with multibyte input.

The join(1) command gave incorrect output when fields are separated by
multiple spaces in the input.

It was possible to cause the ls(1) program to use very large amounts of memory.

The sort(1) program would leak memory when the -g switch was given.

The sort(1) program gave incorrect output when sorting by month using the

• M switch.

The sort(1) program behaved incorrectly with multibyte input.

The su(1) command used the wrong value for the PATH environment variable.
This has been brought into line with the LSB specification: in particular,
the /sbin directory is now searched before the /bin directory.

The su(1) documentation contained some out of date information. This has
been removed.

The who(1) command could list user sessions that are no longer logged in.

All users of coreutils should upgrade to this updated package, which
resolves these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

• Red Hat Enterprise Linux Server 3 x86_64
• Red Hat Enterprise Linux Server 3 ia64
• Red Hat Enterprise Linux Server 3 i386
• Red Hat Enterprise Linux Workstation 3 x86_64
• Red Hat Enterprise Linux Workstation 3 ia64
• Red Hat Enterprise Linux Workstation 3 i386
• Red Hat Enterprise Linux Desktop 3 x86_64
• Red Hat Enterprise Linux Desktop 3 i386
• Red Hat Enterprise Linux for IBM z Systems 3 s390x
• Red Hat Enterprise Linux for IBM z Systems 3 s390
• Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

• BZ - 115620 - /bin/sort -g has memory leak
• BZ - 124298 - /usr/bin/who lists users that are not logged in.
• BZ - 127354 - join does not produce correct output
• BZ - 128039 - CAN-2003-0853/-0854: Vulnerability fix for "ls" not applied
• BZ - 158740 - Misleading message in 'su' info document
• BZ - 158741 - su - use a different path than login
• BZ - 158748 - sort -M doesn't work
• BZ - 158749 - cut can not work correctly with two file argument
• BZ - 158750 - In LSB running, /tset/LI18NUX2K.L1/utils/join/join FAIL

CVEs

(none)

References

(none)