EulerOS 2.0 SP2 : patch (EulerOS-SA-2020-2378)

According to the version of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and...

EulerOS Virtualization 3.0.2.2 : patch (EulerOS-SA-2020-2220)

According to the version of the patch package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and...

Huawei EulerOS: Security Advisory for patch (EulerOS-SA-2020-2220)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP3 : patch (EulerOS-SA-2020-2120)

According to the version of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and...

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.

...

In GNU patch through 2.7.6 the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.

...

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault associated with a NULL pointer dereference leading to a denial of service in the intuit_diff_type function in pch.c aka a "mangled rename" issue.

...

do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638 but the ! syntax is specific to ed and is unrelated to a shell metacharacter.

...

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.

...

Medium: patch

Issue Overview: In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. CVE-2019-13636 Affected Packages: patch Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for t...

Huawei EulerOS: Security Advisory for patch (EulerOS-SA-2020-1766)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization for ARM 64 3.0.6.0 : python3 (EulerOS-SA-2020-1346)

According to the versions of the python3 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Python CPython 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon laun...

EulerOS Virtualization for ARM 64 3.0.6.0 : patch (EulerOS-SA-2020-1335)

According to the version of the patch package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects...

EulerOS Virtualization for ARM 64 3.0.6.0 : cyrus-sasl (EulerOS-SA-2020-1336)

According to the version of the cyrus-sasl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This...

CVE-2019-20633

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...

GNU patch resource management error vulnerability

GNU patch is a set of tools from the GNU Project for generating patch files. A resource management error vulnerability exists in the 'anotherhunk' function of the pch.c file in GNU patch 2.7.6 and earlier. An attacker can exploit this vulnerability to cause a denial of service with a specially...

CVE-2019-20633

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...

AZL-35107 CVE-2019-20633 affecting package patch 2.7.6-9

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...

CVE-2019-20633

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...

Double free

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...