33 matches found
CVE-2018-1000156
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...
CVE-2018-1000156
GNU patch through 2.7.6 is vulnerable to arbitrary command execution when applying ed-style patches. The root cause is insufficient sanitization of the input patch stream, allowing a crafted patch file to cause patch to pass ed-script commands to the editor. This can enable code execution under t...
CVE-2018-1000156
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...
CVE-2018-1000156
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...
CVE-2018-1000156
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...
CVE-2016-10713
A heap-based out-of-bounds read flaw was found in the way the patch utility parsed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patch files...
CVE-2018-6952
A double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches...
ALPINE-CVE-2018-6951
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuitdifftype function in pch.c, aka a "mangled rename" issue...
FreeBSD Security Advisory FreeBSD-SA-15:14.bsdpatch
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:14.bsdpatch Security Advisory The FreeBSD Project Topic: shell injection vulnerability in patch1 Category: contrib Module: patch Announced: 2015-07-28 Credit...
SUSE-SU-2015:1019-1 Security update for patch
The GNU patch utility was updated to 2.7.5 to fix three security issues and one non-security bug. The following vulnerabilities were fixed: CVE-2015-1196: directory traversal flaw when handling git-style patches. This could allow an attacker to overwrite arbitrary files by tricking the user into...
USN-2183-2 dpkg vulnerability
USN-2183-1 fixed a vulnerability in dpkg. Javier Serrano Polo discovered that the fix introduced a vulnerability in releases with an older version of the patch utility. This update fixes the problem. Original advisory details: Jakub Wilk discovered that dpkg incorrectly certain paths and symlinks...
USN-2183-2: dpkg vulnerability
USN-2183-1 fixed a vulnerability in dpkg. Javier Serrano Polo discovered that the fix introduced a vulnerability in releases with an older version of the patch utility. This update fixes the problem. Original advisory details: Jakub Wilk discovered that dpkg incorrectly certain paths and symlinks...
[SECURITY] [DSA 2915-2] dpkg security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2915-2 [email protected] http://www.debian.org/security/ Raphael Geissert April 30, 2014 http://www.debian.org/security/faq -...