4 matches found
SUSE-SU-2020:1608-1 Security update for ed
This update for ed fixes the following security issue: - CVE-2017-5357: An invalid free in the regular expression handling of the 'ed' command processing could allow local users to crash ed. bsc1019807...
patch: do_ed_script in pch.c does not block strings beginning with a ! character
A flaw was found in GNU patch through version 2.7.6. Strings beginning with a exclamation mark are not blocked by default. When ed receives an exclamation mark-prefixed command line argument, the argument is executed as a shell command. The highest threat from this vulnerability is to data...
SUSE-SU-2019:14005-1 Security update for ed
This update for ed fixes the following security issues: - CVE-2017-5357: An invalid free in the regular expression handling of the 'ed' command processing could allow local users to crash ed. bsc1019807...
patch: Malicious patch files cause ed to execute arbitrary commands
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...