CVE-2015-5218
Publication date 9 November 2015
Last updated 24 July 2024
Ubuntu priority
Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| bsdmainutils | 22.04 LTS jammy |
Not affected
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
|
| util-linux | 22.04 LTS jammy |
Not affected
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
|
Notes
sbeattie
fixed in util-linux, but debian/ubuntu util-linux does not ship colcrt
ccdm94
package bsdmainutils is not vulnerable in any release due to code that checks for writing beyond array bounds being included in the commit which introduced multibyte character support (243041573f0). Releases that include the multibyte character support therefore include the checks. A fix that identifies read errors was also released in a 2004 commit (70cd856a0c6), and is present in the code for all Ubuntu releases that contain colcrt in bsdmainutils. More recent versions such as Ubuntu 21.10 don't include the colcrt code, as it was removed from the bsdmainutils source.