Larry Wall’s patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | patch | < 2.5-1 | patch_2.5-1_all.deb |
Debian | 11 | all | patch | < 2.5-1 | patch_2.5-1_all.deb |
Debian | 10 | all | patch | < 2.5-1 | patch_2.5-1_all.deb |
Debian | 999 | all | patch | < 2.5-1 | patch_2.5-1_all.deb |
Debian | 13 | all | patch | < 2.5-1 | patch_2.5-1_all.deb |