MiracleLinux 7 : patch-2.7.1-10.el7 (AXSA:2018-2972:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-2972:01 advisory. patch: Malicious patch files cause ed to execute arbitrary commands CVE-2018-1000156 Tenable has extracted the preceding description block directly from the...

Slackware: Security Advisory (SSA:2025-256-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CBL Mariner 2.0 Security Update: patch (CVE-2018-1000156)

The version of patch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2018-1000156 advisory. - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specificall...

RHEL 5 : patch (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - patch: Malicious patch files cause ed to execute arbitrary commands CVE-2018-1000156 - Directory traversa...

CVE-2018-1000156 affecting package patch for versions less than 2.7.6-9

CVE-2018-1000156 affecting package patch for versions less than 2.7.6-9. A patched version of the package is available...

Slackware: Security Advisory (SSA:2018-096-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-1000156 affecting package patch for versions less than 2.7.6-7

CVE-2018-1000156 affecting package patch for versions less than 2.7.6-7. A patched version of the package is available...

SUSE: Security Advisory (SUSE-SU-2018:1162-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:1128-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-1000156 affecting package patch 2.7.6-7

CVE-2018-1000156 affecting package patch 2.7.6-7. A patched version of the package is available...

Huawei EulerOS: Security Advisory for patch (EulerOS-SA-2018-1146)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for patch (EulerOS-SA-2018-1147)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for patch (EulerOS-SA-2018-1378)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : patch (EulerOS-SA-2019-2219)

According to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for...

Security Bulletin: Open Source Libvorbis, Patch and Python-paramiko vulnerabilities affect IBM Netezza Host Management

Summary Open Source Libvorbis Patch and Python-paramiko is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-7750 DESCRIPTION: Paramiko could allow a remote attacker to bypass security restrictions, caused by...

CVE-2018-1000156

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

NewStart CGSL MAIN 4.05 : patch Vulnerability (NS-SA-2019-0138)

The remote NewStart CGSL host, running version MAIN 4.05, has patch packages installed that are affected by a vulnerability: - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code...

Debian DSA-4489-1 : patch - security update

Imre Rad discovered several vulnerabilities in GNU patch, leading to shell command injection or escape from the working directory and access and overwrite files, if specially crafted patch files are processed. This update includes a bugfix for a regression introduced by the patch to address...

Command injection

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...

CVE-2019-13638

CVE-2019-13638 affects GNU patch up to version 2.7.6. It enables OS shell command injection when processing a crafted patch file containing an ed-style diff payload with shell metacharacters; the ed editor need not be present on the target system. Multiple connected advisories confirm vulnerable ...