AOSA-2017-0005: Update GNU ed
January 26, 2017
Please update your ed
package to version 1.14.1
.
A security vulnerability was recently disclosed in GNU ed by Hanno Böck:
"ed can be crashed with some malformed commands:
echo -e "H\n?\{" | ed
"The bug seems to be a call of free on a nonallocated pointer. The bug was found with the fuzzing tool american fuzzy lop in ed 1.14."
And was assigned with the following CVE ID:
Relevant documentation: