Lucene search
AmazonALAS2-2018-1008HistoryMay 10, 2018 - 5:06 p.m.
Important: patch
2018-05-1017:06:00
alas.aws.amazon.com
9
Issue Overview:
Malicious patch files cause ed to execute arbitrary commands
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD’s CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.(CVE-2018-1000156)
Affected Packages:
patch
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update patch to update your system.
New Packages:
src:
patch-2.7.1-10.amzn2.src
x86_64:
patch-2.7.1-10.amzn2.x86_64
patch-debuginfo-2.7.1-10.amzn2.x86_64
Additional References
Red Hat: CVE-2018-1000156
Mitre: CVE-2018-1000156
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | x86_64 | patch | < 2.7.1-10.amzn2 | patch-2.7.1-10.amzn2.x86_64.rpm |
| Amazon Linux | 2 | x86_64 | patch-debuginfo | < 2.7.1-10.amzn2 | patch-debuginfo-2.7.1-10.amzn2.x86_64.rpm |
Related
nessus
nessus
NewStart CGSL MAIN 4.05 : patch Vulnerability (NS-SA-2019-0138)
2019-08-12 00:00:00
EulerOS Virtualization 2.5.1 : patch (EulerOS-SA-2018-1378)
2018-11-21 00:00:00
EulerOS 2.0 SP1 : patch (EulerOS-SA-2018-1146)
2018-05-29 00:00:00
amazon
amazon
Important: patch
2018-05-10 16:52:00
Important: patch
2019-10-21 18:01:00
Important: patch
2019-10-18 23:22:00
ubuntucve
ubuntucve
CVE-2018-1000156
2018-04-06 00:00:00
CVE-2019-13638
2019-07-22 00:00:00
debiancve
debiancve
CVE-2018-1000156
2018-04-06 13:29:00
CVE-2019-13638
2019-07-26 13:15:00
openvas
openvas
Huawei EulerOS: Security Advisory for patch (EulerOS-SA-2018-1378)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for patch (EulerOS-SA-2018-1147)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for patch (EulerOS-SA-2018-1146)
2020-01-23 00:00:00
redhatcve
redhatcve
CVE-2018-1000156
2019-10-10 04:15:40
osv
osv
CVE-2018-1000156
2018-04-06 13:29:00
patch - security update
2018-04-16 00:00:00
CVE-2019-13638
2019-07-26 13:15:12
cve
cve
CVE-2018-1000156
2018-04-06 13:29:00
CVE-2015-1418
2018-02-05 16:29:00
CVE-2019-13638
2019-07-26 13:15:00
cvelist
cvelist
CVE-2018-1000156
2018-04-06 13:00:00
CVE-2015-1418
2018-02-05 16:00:00
CVE-2019-13638
2019-07-26 12:22:43
alpinelinux
alpinelinux
CVE-2018-1000156
2018-04-06 13:29:00
CVE-2019-13638
2019-07-26 13:15:00
prion
prion
Input validation
2018-04-06 13:29:00
Code injection
2018-02-05 16:29:00
Command injection
2019-07-26 13:15:00
freebsd
freebsd
patch -- multiple vulnerabilities
2018-04-16 00:00:00
FreeBSD -- shell injection vulnerability in patch(1)
2015-08-05 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:22:55
redhat
redhat
(RHSA-2018:1200) Important: patch security update
2018-04-23 16:32:14
(RHSA-2018:1199) Important: patch security update
2018-04-23 16:30:19
(RHSA-2018:2097) Important: patch security update
2018-06-27 18:05:38
cbl_mariner
cbl_mariner
CVE-2018-1000156 affecting package patch for versions less than 2.7.6-9
2024-03-19 17:21:46
CVE-2018-1000156 affecting package patch 2.7.6-7
2020-09-09 06:09:14
CVE-2018-1000156 affecting package patch for versions less than 2.7.6-7
2022-04-09 06:51:43
centos
centos
patch security update
2018-05-02 12:03:45
patch security update
2018-05-30 18:24:23
wolfi
wolfi
CVE-2018-1000156 vulnerabilities
2024-05-17 16:29:45
cgr
cgr
CVE-2018-1000156 vulnerabilities
2024-05-17 15:41:37
slackware
slackware
[slackware-security] patch
2018-04-07 00:25:33
debian
debian
[SECURITY] [DLA 1348-1] patch security update
2018-04-16 11:16:11
[SECURITY] [DSA 4489-1] patch security update
2019-07-27 17:46:54
[SECURITY] [DSA 4489-1] patch security update
2019-07-27 17:46:40
ibm
ibm
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-1.0-0142
2018-05-25 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-2.0-0049
2018-05-22 00:00:00
Important Photon OS Security Update - PHSA-2018-0142
2018-05-25 00:00:00
oraclelinux
oraclelinux
patch security update
2018-04-23 00:00:00
patch security update
2018-04-23 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: patch-2.7.6-4.fc28
2018-05-09 21:28:51
[SECURITY] Fedora 28 Update: patch-2.7.6-5.fc28
2018-10-15 10:47:23
[SECURITY] Fedora 26 Update: patch-2.7.6-4.fc26
2018-05-15 20:00:56
securityvulns
securityvulns
FreeBSD Security Advisory FreeBSD-SA-15:18.bsdpatch
2015-08-10 00:00:00
FreeBSD patch code execution
2015-08-10 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:18.bsdpatch
2015-08-05 00:00:00
ubuntu
ubuntu
Patch vulnerabilities
2018-04-16 00:00:00
Patch vulnerabilities
2018-04-10 00:00:00
archlinux
archlinux
[ASA-201811-14] patch: multiple issues
2018-11-12 00:00:00
[ASA-201810-8] patch: multiple issues
2018-10-09 00:00:00
suse
suse
Security update for patch (important)
2018-05-03 12:08:24
Security update for patch (important)
2018-05-02 21:08:01
Security update for patch (important)
2018-05-07 21:07:23
mageia
mageia
Updated patch packages fix security vulnerabilities
2018-06-14 21:14:36
cloudfoundry
cloudfoundry
USN-3624-1: Patch vulnerabilities | Cloud Foundry
2018-05-09 00:00:00
gentoo
gentoo
Patch: Multiple vulnerabilities
2019-04-17 00:00:00