CVE-2014-9471

Publication date 31 December 2014

Last updated 24 July 2024


Ubuntu priority

The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.

Status

Package Ubuntu Release Status
coreutils 14.10 utopic
Not affected
14.04 LTS trusty
Fixed 8.21-1ubuntu5.1
12.04 LTS precise
Fixed 8.13-3ubuntu3.3
10.04 LTS lucid
Fixed 7.4-2ubuntu3.1