ID USN-3624-1 Type ubuntu Reporter Ubuntu Modified 2018-04-10T00:00:00
Description
It was discovered that Patch incorrectly handled certain files. An attacker
could possibly use this to cause a denial of service. (CVE-2016-10713)
It was discovered that Patch incorrectly handled certain input validation. An
attacker could possibly use this to execute arbitrary code. (CVE-2018-1000156)
It was discovered that Patch incorrectly handled certain inputs. An attacker
could possibly use this to cause a denial of service. (CVE-2018-6951)
{"id": "USN-3624-1", "bulletinFamily": "unix", "title": "Patch vulnerabilities", "description": "It was discovered that Patch incorrectly handled certain files. An attacker \ncould possibly use this to cause a denial of service. (CVE-2016-10713)\n\nIt was discovered that Patch incorrectly handled certain input validation. An \nattacker could possibly use this to execute arbitrary code. (CVE-2018-1000156)\n\nIt was discovered that Patch incorrectly handled certain inputs. An attacker \ncould possibly use this to cause a denial of service. (CVE-2018-6951)", "published": "2018-04-10T00:00:00", "modified": "2018-04-10T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://ubuntu.com/security/notices/USN-3624-1", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2018-6951", "https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000156", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10713"], "cvelist": ["CVE-2018-6951", "CVE-2016-10713", "CVE-2018-1000156"], "type": "ubuntu", "lastseen": "2020-07-02T11:37:31", "edition": 6, "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-6951", "CVE-2016-10713", "CVE-2018-1000156"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-6951", "UB:CVE-2018-1000156", "UB:CVE-2016-10713"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-6951", "RH:CVE-2016-10713"]}, {"type": "nessus", "idList": ["OPENSUSE-2018-416.NASL", "NEWSTART_CGSL_NS-SA-2019-0253_PATCH.NASL", "FEDORA_2018-B127E58641.NASL", "GENTOO_GLSA-201904-17.NASL", "SUSE_SU-2018-1162-1.NASL", "FREEBSD_PKG_791841A3D4844878890992EF9CE424F4.NASL", "AL2_ALAS-2019-1317.NASL", "UBUNTU_USN-3624-1.NASL", "ALA_ALAS-2019-1312.NASL", "SUSE_SU-2018-1128-1.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1137-1", "SUSE-SU-2018:1128-1", "SUSE-SU-2018:1162-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:D6964958081B18451C45CF4BF09FA16D"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310874252", "OPENVAS:1361412562310875209", "OPENVAS:1361412562310874480", "OPENVAS:1361412562310843793", "OPENVAS:1361412562310851739", "OPENVAS:1361412562311220192343", "OPENVAS:1361412562311220201225", "OPENVAS:1361412562310874558", "OPENVAS:1361412562310874126", "OPENVAS:1361412562310875196"]}, {"type": "fedora", "idList": ["FEDORA:020436079D00", "FEDORA:CC7DF6076D25", "FEDORA:306E86095B2B", "FEDORA:AB6C960A68A9", "FEDORA:3FF87606E4AD", "FEDORA:790BD60A65E7", "FEDORA:981F860DCB48"]}, {"type": "ubuntu", "idList": ["USN-3624-2"]}, {"type": "freebsd", "idList": ["791841A3-D484-4878-8909-92EF9CE424F4"]}, {"type": "gentoo", "idList": ["GLSA-201904-17"]}, {"type": "archlinux", "idList": ["ASA-201810-8"]}, {"type": "amazon", "idList": ["ALAS2-2019-1317", "ALAS-2019-1312"]}, {"type": "redhat", "idList": ["RHSA-2018:2092", "RHSA-2018:2094", "RHSA-2018:2097", "RHSA-2018:2095", "RHSA-2018:2091", "RHSA-2018:1200", "RHSA-2018:1199", "RHSA-2018:2096", "RHSA-2018:2093"]}, {"type": "centos", "idList": ["CESA-2018:1199", "CESA-2018:1200"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-1199", "ELSA-2018-1200"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1348-1:CDB63"]}, {"type": "slackware", "idList": ["SSA-2018-096-01"]}], "modified": "2020-07-02T11:37:31", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2020-07-02T11:37:31", "rev": 2}, "vulnersScore": 7.0}, "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "17.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "patch", "packageVersion": "2.7.5-1ubuntu0.2"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "patch", "packageVersion": "2.7.1-4ubuntu2.4"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "patch", "packageVersion": "2.7.5-1ubuntu0.16.04.1"}], "scheme": null, "immutableFields": []}
{"ubuntucve": [{"lastseen": "2021-06-30T22:14:47", "bulletinFamily": "info", "cvelist": ["CVE-2018-1000156"], "description": "GNU Patch version 2.7.6 contains an input validation vulnerability when\nprocessing patch files, specifically the EDITOR_PROGRAM invocation (using\ned) can result in code execution. This attack appear to be exploitable via\na patch file processed via the patch utility. This is similar to FreeBSD's\nCVE-2015-1418 however although they share a common ancestry the code bases\nhave diverged over time.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894993>\n", "modified": "2018-04-06T00:00:00", "published": "2018-04-06T00:00:00", "id": "UB:CVE-2018-1000156", "href": "https://ubuntu.com/security/CVE-2018-1000156", "type": "ubuntucve", "title": "CVE-2018-1000156", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-06-30T22:16:56", "bulletinFamily": "info", "cvelist": ["CVE-2018-6951"], "description": "An issue was discovered in GNU patch through 2.7.6. There is a segmentation\nfault, associated with a NULL pointer dereference, leading to a denial of\nservice in the intuit_diff_type function in pch.c, aka a \"mangled rename\"\nissue.\n\n#### Bugs\n\n * <https://savannah.gnu.org/bugs/index.php?53132>\n", "modified": "2018-02-13T00:00:00", "published": "2018-02-13T00:00:00", "id": "UB:CVE-2018-6951", "href": "https://ubuntu.com/security/CVE-2018-6951", "type": "ubuntucve", "title": "CVE-2018-6951", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-06-30T22:16:59", "bulletinFamily": "info", "cvelist": ["CVE-2016-10713"], "description": "An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access\nwithin pch_write_line() in pch.c can possibly lead to DoS via a crafted\ninput file.", "modified": "2018-02-13T00:00:00", "published": "2018-02-13T00:00:00", "id": "UB:CVE-2016-10713", "href": "https://ubuntu.com/security/CVE-2016-10713", "type": "ubuntucve", "title": "CVE-2016-10713", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2021-04-23T00:24:12", "description": "GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-06T13:29:00", "title": "CVE-2018-1000156", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000156"], "modified": "2019-07-30T10:15:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_server_eus:6.7", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/a:gnu:patch:2.7.6", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.4", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.2", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_server_aus:6.5", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server_aus:6.4", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_tus:6.6", "cpe:/o:redhat:enterprise_linux_server_aus:6.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-1000156", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000156", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:patch:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-04-23T00:24:30", "description": "An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a \"mangled rename\" issue.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-02-13T19:29:00", "title": "CVE-2018-6951", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-6951"], "modified": "2019-04-17T20:29:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/a:gnu:patch:2.7.6", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-6951", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6951", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:gnu:patch:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-04-22T23:58:40", "description": "An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.", "edition": 9, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-02-13T19:29:00", "title": "CVE-2016-10713", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10713"], "modified": "2018-04-18T01:29:00", "cpe": [], "id": "CVE-2016-10713", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10713", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": []}], "redhatcve": [{"lastseen": "2021-05-19T23:36:20", "bulletinFamily": "info", "cvelist": ["CVE-2018-6951"], "description": "A NULL pointer dereference flaw was found in the way patch processed patch files. An attacker could potentially use this flaw to crash patch by tricking it into processing crafted patches.\n", "modified": "2020-08-18T14:16:39", "published": "2018-02-14T07:19:13", "id": "RH:CVE-2018-6951", "href": "https://access.redhat.com/security/cve/cve-2018-6951", "type": "redhatcve", "title": "CVE-2018-6951", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-05-19T23:36:19", "bulletinFamily": "info", "cvelist": ["CVE-2016-10713"], "description": "A heap-based out-of-bounds read flaw was found in the way the patch utility parsed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patch files.\n", "modified": "2020-08-18T14:44:48", "published": "2018-02-14T21:19:57", "id": "RH:CVE-2016-10713", "href": "https://access.redhat.com/security/cve/cve-2016-10713", "type": "redhatcve", "title": "CVE-2016-10713", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:49", "bulletinFamily": "software", "cvelist": ["CVE-2018-6951", "CVE-2016-10713", "CVE-2018-1000156"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nIt was discovered that Patch incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2016-10713)\n\nIt was discovered that Patch incorrectly handled certain input validation. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000156)\n\nIt was discovered that Patch incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-6951)\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3363.x versions prior to 3363.60\n * 3421.x versions prior to 3421.56\n * 3445.x versions prior to 3445.42\n * 3468.x versions prior to 3468.41\n * 3541.x versions prior to 3541.24\n * 3586.x versions prior to 3586.5\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.199.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3363.x versions to 3363.60\n * Upgrade 3421.x versions to 3421.56\n * Upgrade 3445.x versions to 3445.42\n * Upgrade 3468.x versions to 3468.41\n * Upgrade 3541.x versions to 3541.24\n * Upgrade 3586.x versions to 3586.5\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.199.0 or later.\n\n# References\n\n * [USN-3624-1](<https://usn.ubuntu.com/3624-1/>)\n * [CVE-2016-10713](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10713>)\n * [CVE-2018-1000156](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000156>)\n * [CVE-2018-6951](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-6951>)\n", "edition": 6, "modified": "2018-05-09T00:00:00", "published": "2018-05-09T00:00:00", "id": "CFOUNDRY:D6964958081B18451C45CF4BF09FA16D", "href": "https://www.cloudfoundry.org/blog/usn-3624-1/", "title": "USN-3624-1: Patch vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-20T12:37:26", "description": "This update for patch fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-1000156: Malicious patch files cause ed to\n execute arbitrary commands (bsc#1088420).\n\n - CVE-2018-6951: Fixed NULL pointer dereference in the\n intuit_diff_type function in pch.c (bsc#1080918).\n\n - CVE-2016-10713: Fixed out-of-bounds access within\n pch_write_line() in pch.c (bsc#1080918).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 19, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-05-03T00:00:00", "title": "openSUSE Security Update : patch (openSUSE-2018-416)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6951", "CVE-2016-10713", "CVE-2018-1000156"], "modified": "2018-05-03T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:patch-debuginfo", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:patch-debugsource", "p-cpe:/a:novell:opensuse:patch"], "id": "OPENSUSE-2018-416.NASL", "href": "https://www.tenable.com/plugins/nessus/109540", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-416.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109540);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10713\", \"CVE-2018-1000156\", \"CVE-2018-6951\");\n\n script_name(english:\"openSUSE Security Update : patch (openSUSE-2018-416)\");\n script_summary(english:\"Check for the openSUSE-2018-416 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for patch fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-1000156: Malicious patch files cause ed to\n execute arbitrary commands (bsc#1088420).\n\n - CVE-2018-6951: Fixed NULL pointer dereference in the\n intuit_diff_type function in pch.c (bsc#1080918).\n\n - CVE-2016-10713: Fixed out-of-bounds access within\n pch_write_line() in pch.c (bsc#1080918).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1080918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1080951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088420\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected patch packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:patch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:patch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:patch-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"patch-2.7.5-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"patch-debuginfo-2.7.5-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"patch-debugsource-2.7.5-9.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"patch / patch-debuginfo / patch-debugsource\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-18T10:54:37", "description": "It was discovered that Patch incorrectly handled certain files. An\nattacker could possibly use this to cause a denial of service.\n(CVE-2016-10713)\n\nIt was discovered that Patch incorrectly handled certain input\nvalidation. An attacker could possibly use this to execute arbitrary\ncode. (CVE-2018-1000156)\n\nIt was discovered that Patch incorrectly handled certain inputs. An\nattacker could possibly use this to cause a denial of service.\n(CVE-2018-6951).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-04-11T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : Patch vulnerabilities (USN-3624-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6951", "CVE-2016-10713", "CVE-2018-1000156"], "modified": "2018-04-11T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "p-cpe:/a:canonical:ubuntu_linux:patch", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3624-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109002", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3624-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109002);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2016-10713\", \"CVE-2018-1000156\", \"CVE-2018-6951\");\n script_xref(name:\"USN\", value:\"3624-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : Patch vulnerabilities (USN-3624-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that Patch incorrectly handled certain files. An\nattacker could possibly use this to cause a denial of service.\n(CVE-2016-10713)\n\nIt was discovered that Patch incorrectly handled certain input\nvalidation. An attacker could possibly use this to execute arbitrary\ncode. (CVE-2018-1000156)\n\nIt was discovered that Patch incorrectly handled certain inputs. An\nattacker could possibly use this to cause a denial of service.\n(CVE-2018-6951).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3624-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected patch package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:patch\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"patch\", pkgver:\"2.7.1-4ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"patch\", pkgver:\"2.7.5-1ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"patch\", pkgver:\"2.7.5-1ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"patch\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-02T04:36:40", "description": "This update for patch fixes the following issues: Security issues\nfixed :\n\n - CVE-2018-1000156: Malicious patch files cause ed to\n execute arbitrary commands (bsc#1088420).\n\n - CVE-2018-6951: Fixed NULL pointer dereference in the\n intuit_diff_type function in pch.c (bsc#1080918).\n\n - CVE-2016-10713: Fixed out-of-bounds access within\n pch_write_line() in pch.c (bsc#1080918).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 33, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-05-03T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : patch (SUSE-SU-2018:1128-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6951", "CVE-2016-10713", "CVE-2018-1000156"], "modified": "2021-07-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:patch", "p-cpe:/a:novell:suse_linux:patch-debugsource", "p-cpe:/a:novell:suse_linux:patch-debuginfo"], "id": "SUSE_SU-2018-1128-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109549", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1128-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109549);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/24 11:01:33\");\n\n script_cve_id(\"CVE-2016-10713\", \"CVE-2018-1000156\", \"CVE-2018-6951\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : patch (SUSE-SU-2018:1128-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for patch fixes the following issues: Security issues\nfixed :\n\n - CVE-2018-1000156: Malicious patch files cause ed to\n execute arbitrary commands (bsc#1088420).\n\n - CVE-2018-6951: Fixed NULL pointer dereference in the\n intuit_diff_type function in pch.c (bsc#1080918).\n\n - CVE-2016-10713: Fixed out-of-bounds access within\n pch_write_line() in pch.c (bsc#1080918).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10713/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000156/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-6951/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181128-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?707a6ad2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-777=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-777=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:patch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:patch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:patch-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"patch-2.7.5-8.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"patch-debuginfo-2.7.5-8.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"patch-debugsource-2.7.5-8.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"patch-2.7.5-8.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"patch-debuginfo-2.7.5-8.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"patch-debugsource-2.7.5-8.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"patch\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-02T00:33:25", "description": "The remote host is affected by the vulnerability described in GLSA-201904-17\n(Patch: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Patch. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-18T00:00:00", "title": "GLSA-201904-17 : Patch: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6951", "CVE-2018-6952", "CVE-2018-1000156"], "modified": "2021-07-02T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:patch", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201904-17.NASL", "href": "https://www.tenable.com/plugins/nessus/124130", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201904-17.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124130);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/09/24 11:01:33\");\n\n script_cve_id(\"CVE-2018-1000156\", \"CVE-2018-6951\", \"CVE-2018-6952\");\n script_xref(name:\"GLSA\", value:\"201904-17\");\n\n script_name(english:\"GLSA-201904-17 : Patch: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201904-17\n(Patch: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Patch. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201904-17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Patch users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-devel/patch-2.7.6-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:patch\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-devel/patch\", unaffected:make_list(\"ge 2.7.6-r3\"), vulnerable:make_list(\"lt 2.7.6-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Patch\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:20:45", "description": "New upstream release, including security fixes for CVE-2016-10713,\nCVE-2018-6951, CVE-2018-6952.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-02-21T00:00:00", "title": "Fedora 27 : patch (2018-b127e58641)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6951", "CVE-2016-10713", "CVE-2018-6952"], "modified": "2018-02-21T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:patch"], "id": "FEDORA_2018-B127E58641.NASL", "href": "https://www.tenable.com/plugins/nessus/106915", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-b127e58641.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106915);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-10713\", \"CVE-2018-6951\", \"CVE-2018-6952\");\n script_xref(name:\"FEDORA\", value:\"2018-b127e58641\");\n\n script_name(english:\"Fedora 27 : patch (2018-b127e58641)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream release, including security fixes for CVE-2016-10713,\nCVE-2018-6951, CVE-2018-6952.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-b127e58641\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected patch package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:patch\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"patch-2.7.6-3.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"patch\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-02T00:13:47", "description": "NVD reports :\n\nAn issue was discovered in GNU patch through 2.7.6. There is a\nsegmentation fault, associated with a NULL pointer dereference,\nleading to a denial of service in the intuit_diff_type function in\npch.c, aka a 'mangled rename' issue.\n\nA double free exists in the another_hunk function in pch.c in GNU\npatch through 2.7.6.\n\nGNU Patch version 2.7.6 contains an input validation vulnerability\nwhen processing patch files, specifically the EDITOR_PROGRAM\ninvocation (using ed) can result in code execution. This attack appear\nto be exploitable via a patch file processed via the patch utility.\nThis is similar to FreeBSD's CVE-2015-1418 however although they share\na common ancestry the code bases have diverged over time.", "edition": 27, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-11-13T00:00:00", "title": "FreeBSD : patch -- multiple vulnerabilities (791841a3-d484-4878-8909-92ef9ce424f4)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6951", "CVE-2018-6952", "CVE-2018-1000156", "CVE-2015-1418"], "modified": "2021-07-02T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:patch"], "id": "FREEBSD_PKG_791841A3D4844878890992EF9CE424F4.NASL", "href": "https://www.tenable.com/plugins/nessus/118902", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118902);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-1000156\", \"CVE-2018-6951\", \"CVE-2018-6952\");\n\n script_name(english:\"FreeBSD : patch -- multiple vulnerabilities (791841a3-d484-4878-8909-92ef9ce424f4)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NVD reports :\n\nAn issue was discovered in GNU patch through 2.7.6. There is a\nsegmentation fault, associated with a NULL pointer dereference,\nleading to a denial of service in the intuit_diff_type function in\npch.c, aka a 'mangled rename' issue.\n\nA double free exists in the another_hunk function in pch.c in GNU\npatch through 2.7.6.\n\nGNU Patch version 2.7.6 contains an input validation vulnerability\nwhen processing patch files, specifically the EDITOR_PROGRAM\ninvocation (using ed) can result in code execution. This attack appear\nto be exploitable via a patch file processed via the patch utility.\nThis is similar to FreeBSD's CVE-2015-1418 however although they share\na common ancestry the code bases have diverged over time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://savannah.gnu.org/bugs/?53132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://savannah.gnu.org/bugs/?53133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://savannah.gnu.org/bugs/?53566\"\n );\n # https://vuxml.freebsd.org/freebsd/791841a3-d484-4878-8909-92ef9ce424f4.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7eed5f94\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:patch\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"patch<2.7.6_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:52:05", "description": "This update for patch fixes several issues. These security issues were\nfixed :\n\n - CVE-2018-1000156: patch: Malicious patch files cause ed\n to execute arbitrary commands (bsc#1088420).\n\n - CVE-2014-9637: Prevent DoS by remote attackers (memory\n consumption and segmentation fault) via a crafted diff\n file (bsc#914891).\n\n - CVE-2016-10713: Prevent out-of-bounds access within\n pch_write_line() that could have lead to DoS via a\n crafted input file (bsc#1080918).\n\n - CVE-2010-4651: Fixed a directory traversal bug\n (bsc#662957) :\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-05-08T00:00:00", "title": "SUSE SLES11 Security Update : patch (SUSE-SU-2018:1162-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4651", "CVE-2016-10713", "CVE-2018-1000156", "CVE-2014-9637"], "modified": "2018-05-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:patch", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-1162-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109599", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1162-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109599);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-4651\", \"CVE-2014-9637\", \"CVE-2016-10713\", \"CVE-2018-1000156\");\n script_bugtraq_id(46768, 72286);\n\n script_name(english:\"SUSE SLES11 Security Update : patch (SUSE-SU-2018:1162-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for patch fixes several issues. These security issues were\nfixed :\n\n - CVE-2018-1000156: patch: Malicious patch files cause ed\n to execute arbitrary commands (bsc#1088420).\n\n - CVE-2014-9637: Prevent DoS by remote attackers (memory\n consumption and segmentation fault) via a crafted diff\n file (bsc#914891).\n\n - CVE-2016-10713: Prevent out-of-bounds access within\n pch_write_line() that could have lead to DoS via a\n crafted input file (bsc#1080918).\n\n - CVE-2010-4651: Fixed a directory traversal bug\n (bsc#662957) :\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=662957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2010-4651/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9637/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10713/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000156/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181162-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe761ac6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-patch-13589=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-patch-13589=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-patch-13589=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-patch-13589=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-patch-13589=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:patch\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"patch-2.5.9-252.22.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"patch-2.5.9-252.22.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"patch\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-01T22:30:31", "description": "do_ed_script in pch.c in GNU patch through 2.7.6 does not block\nstrings beginning with a ! character. NOTE: this is the same commit as\nfor CVE-2019-13638 , but the ! syntax is specific to ed, and is\nunrelated to a shell metacharacter.(CVE-2018-20969)\n\nGNU patch through 2.7.6 is vulnerable to OS shell command injection\nthat can be exploited by opening a crafted patch file that contains an\ned style diff payload with shell metacharacters. The ed editor does\nnot need to be present on the vulnerable system. This is different\nfrom CVE-2018-1000156 .(CVE-2019-13638)\n\nA heap-based out-of-bounds read flaw was found in the way the patch\nutility parsed patch files. An attacker could potentially use this\nflaw to crash the patch utility by tricking it into processing crafted\npatch files.(CVE-2016-10713)\n\nA double-free flaw was found in the way the patch utility processed\npatch files. An attacker could potentially use this flaw to crash the\npatch utility by tricking it into processing crafted\npatches.(CVE-2018-6952)", "edition": 24, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-25T00:00:00", "title": "Amazon Linux 2 : patch (ALAS-2019-1317)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10713", "CVE-2018-6952", "CVE-2018-1000156", "CVE-2019-13638", "CVE-2018-20969"], "modified": "2021-07-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:patch-debuginfo", "p-cpe:/a:amazon:linux:patch", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1317.NASL", "href": "https://www.tenable.com/plugins/nessus/130214", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1317.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130214);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/18\");\n\n script_cve_id(\"CVE-2016-10713\", \"CVE-2018-20969\", \"CVE-2018-6952\", \"CVE-2019-13638\");\n script_xref(name:\"ALAS\", value:\"2019-1317\");\n\n script_name(english:\"Amazon Linux 2 : patch (ALAS-2019-1317)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"do_ed_script in pch.c in GNU patch through 2.7.6 does not block\nstrings beginning with a ! character. NOTE: this is the same commit as\nfor CVE-2019-13638 , but the ! syntax is specific to ed, and is\nunrelated to a shell metacharacter.(CVE-2018-20969)\n\nGNU patch through 2.7.6 is vulnerable to OS shell command injection\nthat can be exploited by opening a crafted patch file that contains an\ned style diff payload with shell metacharacters. The ed editor does\nnot need to be present on the vulnerable system. This is different\nfrom CVE-2018-1000156 .(CVE-2019-13638)\n\nA heap-based out-of-bounds read flaw was found in the way the patch\nutility parsed patch files. An attacker could potentially use this\nflaw to crash the patch utility by tricking it into processing crafted\npatch files.(CVE-2016-10713)\n\nA double-free flaw was found in the way the patch utility processed\npatch files. An attacker could potentially use this flaw to crash the\npatch utility by tricking it into processing crafted\npatches.(CVE-2018-6952)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1317.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update patch' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:patch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:patch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"patch-2.7.1-12.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"patch-debuginfo-2.7.1-12.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"patch / patch-debuginfo\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-01T22:34:51", "description": "do_ed_script in pch.c in GNU patch through 2.7.6 does not block\nstrings beginning with a ! character. NOTE: this is the same commit as\nfor CVE-2019-13638 , but the ! syntax is specific to ed, and is\nunrelated to a shell metacharacter.(CVE-2018-20969)\n\nGNU patch through 2.7.6 is vulnerable to OS shell command injection\nthat can be exploited by opening a crafted patch file that contains an\ned style diff payload with shell metacharacters. The ed editor does\nnot need to be present on the vulnerable system. This is different\nfrom CVE-2018-1000156 . (CVE-2019-13638)\n\nA heap-based out-of-bounds read flaw was found in the way the patch\nutility parsed patch files. An attacker could potentially use this\nflaw to crash the patch utility by tricking it into processing crafted\npatch files.(CVE-2016-10713)\n\nA double-free flaw was found in the way the patch utility processed\npatch files. An attacker could potentially use this flaw to crash the\npatch utility by tricking it into processing crafted\npatches.(CVE-2018-6952)", "edition": 24, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-28T00:00:00", "title": "Amazon Linux AMI : patch (ALAS-2019-1312)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10713", "CVE-2018-6952", "CVE-2018-1000156", "CVE-2019-13638", "CVE-2018-20969"], "modified": "2021-07-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:patch-debuginfo", "p-cpe:/a:amazon:linux:patch", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1312.NASL", "href": "https://www.tenable.com/plugins/nessus/130282", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1312.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130282);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/18\");\n\n script_cve_id(\"CVE-2016-10713\", \"CVE-2018-20969\", \"CVE-2018-6952\", \"CVE-2019-13638\");\n script_xref(name:\"ALAS\", value:\"2019-1312\");\n\n script_name(english:\"Amazon Linux AMI : patch (ALAS-2019-1312)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"do_ed_script in pch.c in GNU patch through 2.7.6 does not block\nstrings beginning with a ! character. NOTE: this is the same commit as\nfor CVE-2019-13638 , but the ! syntax is specific to ed, and is\nunrelated to a shell metacharacter.(CVE-2018-20969)\n\nGNU patch through 2.7.6 is vulnerable to OS shell command injection\nthat can be exploited by opening a crafted patch file that contains an\ned style diff payload with shell metacharacters. The ed editor does\nnot need to be present on the vulnerable system. This is different\nfrom CVE-2018-1000156 . (CVE-2019-13638)\n\nA heap-based out-of-bounds read flaw was found in the way the patch\nutility parsed patch files. An attacker could potentially use this\nflaw to crash the patch utility by tricking it into processing crafted\npatch files.(CVE-2016-10713)\n\nA double-free flaw was found in the way the patch utility processed\npatch files. An attacker could potentially use this flaw to crash the\npatch utility by tricking it into processing crafted\npatches.(CVE-2018-6952)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1312.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update patch' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:patch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:patch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"patch-2.7.1-12.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"patch-debuginfo-2.7.1-12.14.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"patch / patch-debuginfo\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:05:33", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has patch packages installed that are affected by\nmultiple vulnerabilities:\n\n - An issue was discovered in GNU patch before 2.7.6. Out-\n of-bounds access within pch_write_line() in pch.c can\n possibly lead to DoS via a crafted input file.\n (CVE-2016-10713)\n\n - A double free exists in the another_hunk function in\n pch.c in GNU patch through 2.7.6. (CVE-2018-6952)\n\n - GNU patch through 2.7.6 is vulnerable to OS shell\n command injection that can be exploited by opening a\n crafted patch file that contains an ed style diff\n payload with shell metacharacters. The ed editor does\n not need to be present on the vulnerable system. This is\n different from CVE-2018-1000156. (CVE-2019-13638)\n\n - do_ed_script in pch.c in GNU patch through 2.7.6 does\n not block strings beginning with a ! character. NOTE:\n this is the same commit as for CVE-2019-13638, but the !\n syntax is specific to ed, and is unrelated to a shell\n metacharacter. (CVE-2018-20969)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 15, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-12-31T00:00:00", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : patch Multiple Vulnerabilities (NS-SA-2019-0253)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10713", "CVE-2018-6952", "CVE-2018-1000156", "CVE-2019-13638", "CVE-2018-20969"], "modified": "2019-12-31T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0253_PATCH.NASL", "href": "https://www.tenable.com/plugins/nessus/132496", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0253. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132496);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2016-10713\",\n \"CVE-2018-6952\",\n \"CVE-2018-20969\",\n \"CVE-2019-13638\"\n );\n script_bugtraq_id(103047, 103063);\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : patch Multiple Vulnerabilities (NS-SA-2019-0253)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has patch packages installed that are affected by\nmultiple vulnerabilities:\n\n - An issue was discovered in GNU patch before 2.7.6. Out-\n of-bounds access within pch_write_line() in pch.c can\n possibly lead to DoS via a crafted input file.\n (CVE-2016-10713)\n\n - A double free exists in the another_hunk function in\n pch.c in GNU patch through 2.7.6. (CVE-2018-6952)\n\n - GNU patch through 2.7.6 is vulnerable to OS shell\n command injection that can be exploited by opening a\n crafted patch file that contains an ed style diff\n payload with shell metacharacters. The ed editor does\n not need to be present on the vulnerable system. This is\n different from CVE-2018-1000156. (CVE-2019-13638)\n\n - do_ed_script in pch.c in GNU patch through 2.7.6 does\n not block strings beginning with a ! character. NOTE:\n this is the same commit as for CVE-2019-13638, but the !\n syntax is specific to ed, and is unrelated to a shell\n metacharacter. (CVE-2018-20969)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0253\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL patch packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13638\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"patch-2.7.1-12.el7_7\",\n \"patch-debuginfo-2.7.1-12.el7_7\"\n ],\n \"CGSL MAIN 5.05\": [\n \"patch-2.7.1-12.el7_7\",\n \"patch-debuginfo-2.7.1-12.el7_7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"patch\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-04T16:43:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6951", "CVE-2016-10713", "CVE-2018-1000156"], "description": "The remote host is missing an update for the ", "modified": "2020-06-03T00:00:00", "published": "2018-05-04T00:00:00", "id": "OPENVAS:1361412562310851739", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851739", "type": "openvas", "title": "openSUSE: Security Advisory for patch (openSUSE-SU-2018:1137-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851739\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-05-04 05:36:45 +0200 (Fri, 04 May 2018)\");\n script_cve_id(\"CVE-2016-10713\", \"CVE-2018-1000156\", \"CVE-2018-6951\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for patch (openSUSE-SU-2018:1137-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'patch'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for patch fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-1000156: Malicious patch files cause ed to execute arbitrary\n commands (bsc#1088420).\n\n - CVE-2018-6951: Fixed NULL pointer dereference in the intuit_diff_type\n function in pch.c (bsc#1080918).\n\n - CVE-2016-10713: Fixed out-of-bounds access within pch_write_line() in\n pch.c (bsc#1080918).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-416=1\");\n\n script_tag(name:\"affected\", value:\"patch on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1137-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-05/msg00004.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"patch\", rpm:\"patch~2.7.5~9.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"patch-debuginfo\", rpm:\"patch-debuginfo~2.7.5~9.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"patch-debugsource\", rpm:\"patch-debugsource~2.7.5~9.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6951", "CVE-2016-10713", "CVE-2018-1000156"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310843793", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843793", "type": "openvas", "title": "Ubuntu Update for patch USN-3624-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3624_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for patch USN-3624-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843793\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2016-10713\", \"CVE-2018-1000156\", \"CVE-2018-6951\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:21:05 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for patch USN-3624-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3624-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3624-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'patch'\n package(s) announced via the USN-3624-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that Patch incorrectly handled certain files. An\nattacker could possibly use this to cause a denial of service.\n(CVE-2016-10713)\n\nIt was discovered that Patch incorrectly handled certain input\nvalidation. An attacker could possibly use this to execute arbitrary\ncode. (CVE-2018-1000156)\n\nIt was discovered that Patch incorrectly handled certain inputs. An\nattacker could possibly use this to cause a denial of service.\n(CVE-2018-6951)\");\n\n script_tag(name:\"affected\", value:\"patch on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"patch\", ver:\"2.7.1-4ubuntu2.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"patch\", ver:\"2.7.5-1ubuntu0.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"patch\", ver:\"2.7.5-1ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6951", "CVE-2016-10713", "CVE-2018-6952", "CVE-2018-1000156"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-05-16T00:00:00", "id": "OPENVAS:1361412562310874558", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874558", "type": "openvas", "title": "Fedora Update for patch FEDORA-2018-23a1b5975a", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_23a1b5975a_patch_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for patch FEDORA-2018-23a1b5975a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874558\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-16 06:06:43 +0200 (Wed, 16 May 2018)\");\n script_cve_id(\"CVE-2018-1000156\", \"CVE-2016-10713\", \"CVE-2018-6951\", \"CVE-2018-6952\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for patch FEDORA-2018-23a1b5975a\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'patch'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"patch on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-23a1b5975a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDBBRFTTOUNIUDONEUIL6RZAPCXD2X7H\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"patch\", rpm:\"patch~2.7.6~4.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6951", "CVE-2016-10713", "CVE-2018-6952", "CVE-2018-1000156"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-05-16T00:00:00", "id": "OPENVAS:1361412562310874480", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874480", "type": "openvas", "title": "Fedora Update for patch FEDORA-2018-88a4219528", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_88a4219528_patch_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for patch FEDORA-2018-88a4219528\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874480\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-16 05:56:29 +0200 (Wed, 16 May 2018)\");\n script_cve_id(\"CVE-2018-1000156\", \"CVE-2016-10713\", \"CVE-2018-6951\", \"CVE-2018-6952\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for patch FEDORA-2018-88a4219528\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'patch'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"patch on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-88a4219528\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO56AE7ZZPK4LN7ACIWKTN27OHFCQI4E\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"patch\", rpm:\"patch~2.7.6~4.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6951", "CVE-2016-10713", "CVE-2018-6952", "CVE-2018-1000156"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-10-21T00:00:00", "id": "OPENVAS:1361412562310875209", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875209", "type": "openvas", "title": "Fedora Update for patch FEDORA-2018-d547a126e7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_d547a126e7_patch_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for patch FEDORA-2018-d547a126e7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875209\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-21 07:11:51 +0200 (Sun, 21 Oct 2018)\");\n script_cve_id(\"CVE-2018-6951\", \"CVE-2018-6952\", \"CVE-2018-1000156\", \"CVE-2016-10713\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for patch FEDORA-2018-d547a126e7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'patch'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"patch on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-d547a126e7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNPGIRQURZAP3JWU2JZZ6DEVOFYHXQXA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"patch\", rpm:\"patch~2.7.6~5.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6951", "CVE-2018-6952", "CVE-2018-1000156"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-10-16T00:00:00", "id": "OPENVAS:1361412562310875196", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875196", "type": "openvas", "title": "Fedora Update for patch FEDORA-2018-c255f16bfe", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_c255f16bfe_patch_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for patch FEDORA-2018-c255f16bfe\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875196\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-16 06:36:13 +0200 (Tue, 16 Oct 2018)\");\n script_cve_id(\"CVE-2018-6951\", \"CVE-2018-6952\", \"CVE-2018-1000156\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for patch FEDORA-2018-c255f16bfe\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'patch'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"patch on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-c255f16bfe\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTAZPKCAJTAOK6CYQP7SPWNXDIAG4A37\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"patch\", rpm:\"patch~2.7.6~5.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6951", "CVE-2016-10713", "CVE-2018-6952"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-03-21T00:00:00", "id": "OPENVAS:1361412562310874252", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874252", "type": "openvas", "title": "Fedora Update for patch FEDORA-2018-71fac70309", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_71fac70309_patch_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for patch FEDORA-2018-71fac70309\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874252\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-21 15:10:48 +0100 (Wed, 21 Mar 2018)\");\n script_cve_id(\"CVE-2016-10713\", \"CVE-2018-6951\", \"CVE-2018-6952\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for patch FEDORA-2018-71fac70309\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'patch'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"patch on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-71fac70309\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PV2HWN7IBAMPLAIOQYVGLUXFKXKYFZFT\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"patch\", rpm:\"patch~2.7.6~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6951", "CVE-2016-10713", "CVE-2018-6952"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-02-21T00:00:00", "id": "OPENVAS:1361412562310874126", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874126", "type": "openvas", "title": "Fedora Update for patch FEDORA-2018-b127e58641", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_b127e58641_patch_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for patch FEDORA-2018-b127e58641\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874126\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-21 08:51:39 +0100 (Wed, 21 Feb 2018)\");\n script_cve_id(\"CVE-2016-10713\", \"CVE-2018-6951\", \"CVE-2018-6952\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for patch FEDORA-2018-b127e58641\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'patch'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"patch on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-b127e58641\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32RICOL2D42H2MIK22XRP4LDOLKVPUFP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"patch\", rpm:\"patch~2.7.6~3.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:34:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6951"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192343", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192343", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for patch (EulerOS-SA-2019-2343)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2343\");\n script_version(\"2020-01-23T12:47:36+0000\");\n script_cve_id(\"CVE-2018-6951\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:47:36 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:47:36 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for patch (EulerOS-SA-2019-2343)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.3\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2343\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2343\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'patch' package(s) announced via the EulerOS-SA-2019-2343 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A NULL pointer dereference flaw was found in the way patch processed patch files. An attacker could potentially use this flaw to crash patch by tricking it into processing crafted patches.(CVE-2018-6951)\");\n\n script_tag(name:\"affected\", value:\"'patch' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.3.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.3.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"patch\", rpm:\"patch~2.7.6~5.h2.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.3.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-14T16:48:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10713", "CVE-2015-1196", "CVE-2018-1000156", "CVE-2019-13638", "CVE-2014-9637", "CVE-2018-20969"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-03-13T00:00:00", "published": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562311220201225", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201225", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for patch (EulerOS-SA-2020-1225)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1225\");\n script_version(\"2020-03-13T07:15:49+0000\");\n script_cve_id(\"CVE-2014-9637\", \"CVE-2015-1196\", \"CVE-2016-10713\", \"CVE-2018-20969\", \"CVE-2019-13638\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 07:15:49 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-13 07:15:49 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for patch (EulerOS-SA-2020-1225)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1225\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1225\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'patch' package(s) announced via the EulerOS-SA-2020-1225 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.(CVE-2016-10713)\n\nGNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.(CVE-2014-9637)\n\nGNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.(CVE-2015-1196)\n\nGNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.(CVE-2019-13638)\n\ndo_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.(CVE-2018-20969)\");\n\n script_tag(name:\"affected\", value:\"'patch' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"patch\", rpm:\"patch~2.7.1~10.h3\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2018-05-06T21:58:35", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6951", "CVE-2016-10713", "CVE-2018-1000156"], "description": "This update for patch fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-1000156: Malicious patch files cause ed to execute arbitrary\n commands (bsc#1088420).\n - CVE-2018-6951: Fixed NULL pointer dereference in the intuit_diff_type\n function in pch.c (bsc#1080918).\n - CVE-2016-10713: Fixed out-of-bounds access within pch_write_line() in\n pch.c (bsc#1080918).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "modified": "2018-05-03T12:08:24", "published": "2018-05-03T12:08:24", "id": "OPENSUSE-SU-2018:1137-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00004.html", "type": "suse", "title": "Security update for patch (important)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-05-06T21:58:35", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6951", "CVE-2016-10713", "CVE-2018-1000156"], "description": "This update for patch fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-1000156: Malicious patch files cause ed to execute arbitrary\n commands (bsc#1088420).\n - CVE-2018-6951: Fixed NULL pointer dereference in the intuit_diff_type\n function in pch.c (bsc#1080918).\n - CVE-2016-10713: Fixed out-of-bounds access within pch_write_line() in\n pch.c (bsc#1080918).\n\n", "modified": "2018-05-02T21:08:01", "published": "2018-05-02T21:08:01", "id": "SUSE-SU-2018:1128-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00001.html", "type": "suse", "title": "Security update for patch (important)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-05-07T23:54:53", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4651", "CVE-2016-10713", "CVE-2018-1000156", "CVE-2014-9637"], "description": "This update for patch fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2018-1000156: patch: Malicious patch files cause ed to execute\n arbitrary commands (bsc#1088420).\n - CVE-2014-9637: Prevent DoS by remote attackers (memory consumption and\n segmentation fault) via a crafted diff file (bsc#914891).\n - CVE-2016-10713: Prevent out-of-bounds access within pch_write_line()\n that could have lead to DoS via a crafted input file (bsc#1080918).\n - CVE-2010-4651: Fixed a directory traversal bug (bsc#662957):\n\n", "modified": "2018-05-07T21:07:23", "published": "2018-05-07T21:07:23", "id": "SUSE-SU-2018:1162-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00005.html", "type": "suse", "title": "Security update for patch (important)", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10713", "CVE-2018-1000156", "CVE-2018-6951", "CVE-2018-6952"], "description": "The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Patch should be installed because it is a common way of upgrading applications. ", "modified": "2018-05-15T19:53:58", "published": "2018-05-15T19:53:58", "id": "FEDORA:3FF87606E4AD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: patch-2.7.6-4.fc27", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10713", "CVE-2018-1000156", "CVE-2018-6951", "CVE-2018-6952"], "description": "The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Patch should be installed because it is a common way of upgrading applications. ", "modified": "2018-05-15T20:00:56", "published": "2018-05-15T20:00:56", "id": "FEDORA:AB6C960A68A9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: patch-2.7.6-4.fc26", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10713", "CVE-2018-1000156", "CVE-2018-6951", "CVE-2018-6952"], "description": "The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Patch should be installed because it is a common way of upgrading applications. ", "modified": "2018-10-19T15:51:21", "published": "2018-10-19T15:51:21", "id": "FEDORA:306E86095B2B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: patch-2.7.6-5.fc27", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000156", "CVE-2018-6951", "CVE-2018-6952"], "description": "The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Patch should be installed because it is a common way of upgrading applications. ", "modified": "2018-10-15T10:47:23", "published": "2018-10-15T10:47:23", "id": "FEDORA:CC7DF6076D25", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: patch-2.7.6-5.fc28", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10713", "CVE-2018-6951", "CVE-2018-6952"], "description": "The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Patch should be installed because it is a common way of upgrading applications. ", "modified": "2018-02-20T17:21:04", "published": "2018-02-20T17:21:04", "id": "FEDORA:981F860DCB48", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: patch-2.7.6-3.fc27", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10713", "CVE-2018-6951", "CVE-2018-6952"], "description": "The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Patch should be installed because it is a common way of upgrading applications. ", "modified": "2018-03-20T17:37:23", "published": "2018-03-20T17:37:23", "id": "FEDORA:790BD60A65E7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: patch-2.7.6-3.fc26", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000156"], "description": "The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Patch should be installed because it is a common way of upgrading applications. ", "modified": "2018-05-09T21:28:51", "published": "2018-05-09T21:28:51", "id": "FEDORA:020436079D00", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: patch-2.7.6-4.fc28", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:34:23", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10713", "CVE-2018-1000156"], "description": "USN-3624-1 fixed a vulnerability in Patch. This update provides \nthe corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that Patch incorrectly handled certain files. An attacker \ncould possibly use this to cause a denial of service. (CVE-2016-10713)\n\nIt was discovered that Patch incorrectly handled certain input validation. An \nattacker could possibly use this to execute arbitrary code. (CVE-2018-1000156)", "edition": 7, "modified": "2018-04-16T00:00:00", "published": "2018-04-16T00:00:00", "id": "USN-3624-2", "href": "https://ubuntu.com/security/notices/USN-3624-2", "title": "Patch vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-11-07T16:02:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6951", "CVE-2018-6952", "CVE-2018-1000156"], "description": "\nNVD reports:\n\nAn issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a \"mangled rename\" issue.\n\n\nA double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.\n\n\nGNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.\n\n", "edition": 3, "modified": "2018-11-11T00:00:00", "published": "2018-04-16T00:00:00", "id": "791841A3-D484-4878-8909-92EF9CE424F4", "href": "https://vuxml.freebsd.org/freebsd/791841a3-d484-4878-8909-92ef9ce424f4.html", "title": "patch -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000156", "CVE-2018-6951", "CVE-2018-6952"], "description": "Arch Linux Security Advisory ASA-201810-8\n=========================================\n\nSeverity: High\nDate : 2018-10-09\nCVE-ID : CVE-2018-6951 CVE-2018-6952 CVE-2018-1000156\nPackage : patch\nType : multiple issues\nRemote : No\nLink : https://security.archlinux.org/AVG-619\n\nSummary\n=======\n\nThe package patch before version 2.7.6-3 is vulnerable to multiple\nissues including arbitrary command execution and denial of service.\n\nResolution\n==========\n\nUpgrade to 2.7.6-3.\n\n# pacman -Syu \"patch>=2.7.6-3\"\n\nThe problems have been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-6951 (denial of service)\n\nAn issue was discovered in GNU patch through 2.7.6. There is a\nsegmentation fault, associated with a NULL pointer dereference, leading\nto a denial of service in the intuit_diff_type function in pch.c, aka a\n\"mangled rename\" issue.\n\n- CVE-2018-6952 (denial of service)\n\nA double free exists in the another_hunk function in pch.c in GNU patch\nthrough 2.7.6. An attacker could potentially use this flaw to crash the\npatch utility by tricking it into processing crafted patches.\n\n- CVE-2018-1000156 (arbitrary command execution)\n\nAn arbitrary command execution vulnerability has been found in patch\nversions prior to 2.7.7 when applying ed-style patches. Due to\ninsufficient sanitization of the input patch stream, it is possible for\na patch file to cause patch to pass certain ed scripts to the ed\neditor, which would run commands. This issue could be exploited to\nexecute arbitrary commands as the user invoking patch against a\nspecially crafted patch file, which could be leveraged to obtain\nelevated privileges.\n\nImpact\n======\n\nAn attacker can execute arbitrary commands or crash the patch utility\nvia a specially crafted patch file.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/57526\nhttps://savannah.gnu.org/bugs/?53132\nhttps://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a\nhttps://savannah.gnu.org/bugs/?53133\nhttps://git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300\nhttps://savannah.gnu.org/bugs/?53566\nhttps://git.savannah.gnu.org/cgit/patch.git/commit/?id=123eaff0d5d1aebe128295959435b9ca5909c26d\nhttps://security.archlinux.org/CVE-2018-6951\nhttps://security.archlinux.org/CVE-2018-6952\nhttps://security.archlinux.org/CVE-2018-1000156", "modified": "2018-10-09T00:00:00", "published": "2018-10-09T00:00:00", "id": "ASA-201810-8", "href": "https://security.archlinux.org/ASA-201810-8", "type": "archlinux", "title": "[ASA-201810-8] patch: multiple issues", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2019-04-17T22:56:21", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6951", "CVE-2018-6952", "CVE-2018-1000156"], "description": "### Background\n\nPatch takes a patch file containing a difference listing produced by the diff program and applies those differences to one or more original files, producing patched versions. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Patch. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Patch users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/patch-2.7.6-r3\"", "edition": 1, "modified": "2019-04-17T00:00:00", "published": "2019-04-17T00:00:00", "id": "GLSA-201904-17", "href": "https://security.gentoo.org/glsa/201904-17", "title": "Patch: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2021-07-25T19:23:59", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10713", "CVE-2018-1000156", "CVE-2018-20969", "CVE-2018-6952", "CVE-2019-13638"], "description": "**Issue Overview:**\n\ndo_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.(CVE-2018-20969)\n\nGNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156. (CVE-2019-13638)\n\nA heap-based out-of-bounds read flaw was found in the way the patch utility parsed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patch files.(CVE-2016-10713)\n\nA double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches.(CVE-2018-6952)\n\n \n**Affected Packages:** \n\n\npatch\n\n \n**Issue Correction:** \nRun _yum update patch_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 patch-2.7.1-12.14.amzn1.i686 \n \u00a0\u00a0\u00a0 patch-debuginfo-2.7.1-12.14.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 patch-2.7.1-12.14.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 patch-2.7.1-12.14.amzn1.x86_64 \n \u00a0\u00a0\u00a0 patch-debuginfo-2.7.1-12.14.amzn1.x86_64 \n \n \n", "modified": "2019-11-07T00:22:00", "published": "2019-10-18T23:22:00", "id": "ALAS-2019-1312", "href": "https://alas.aws.amazon.com/ALAS-2019-1312.html", "type": "amazon", "title": "Important: patch", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-25T19:38:17", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10713", "CVE-2018-1000156", "CVE-2018-20969", "CVE-2018-6952", "CVE-2019-13638"], "description": "**Issue Overview:**\n\ndo_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.(CVE-2018-20969)\n\nGNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.(CVE-2019-13638)\n\nA heap-based out-of-bounds read flaw was found in the way the patch utility parsed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patch files.(CVE-2016-10713)\n\nA double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches.(CVE-2018-6952)\n\n \n**Affected Packages:** \n\n\npatch\n\n \n**Issue Correction:** \nRun _yum update patch_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 patch-2.7.1-12.amzn2.aarch64 \n \u00a0\u00a0\u00a0 patch-debuginfo-2.7.1-12.amzn2.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 patch-2.7.1-12.amzn2.i686 \n \u00a0\u00a0\u00a0 patch-debuginfo-2.7.1-12.amzn2.i686 \n \n src: \n \u00a0\u00a0\u00a0 patch-2.7.1-12.amzn2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 patch-2.7.1-12.amzn2.x86_64 \n \u00a0\u00a0\u00a0 patch-debuginfo-2.7.1-12.amzn2.x86_64 \n \n \n", "modified": "2019-11-07T00:25:00", "published": "2019-10-21T18:01:00", "id": "ALAS2-2019-1317", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1317.html", "type": "amazon", "title": "Important: patch", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:59", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000156"], "description": "The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file).\n\nPatch should be installed because it is a common way of upgrading applications.\n\nSecurity Fix(es):\n\n* patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-06-07T18:23:16", "published": "2018-04-23T20:30:19", "id": "RHSA-2018:1199", "href": "https://access.redhat.com/errata/RHSA-2018:1199", "type": "redhat", "title": "(RHSA-2018:1199) Important: patch security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:57", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000156"], "description": "The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file).\n\nSecurity Fix(es):\n\n* patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-06-27T22:06:59", "published": "2018-06-27T22:05:33", "id": "RHSA-2018:2096", "href": "https://access.redhat.com/errata/RHSA-2018:2096", "type": "redhat", "title": "(RHSA-2018:2096) Important: patch security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:48", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000156"], "description": "The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file).\n\nSecurity Fix(es):\n\n* patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-06-27T22:07:55", "published": "2018-06-27T22:05:28", "id": "RHSA-2018:2095", "href": "https://access.redhat.com/errata/RHSA-2018:2095", "type": "redhat", "title": "(RHSA-2018:2095) Important: patch security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:52", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000156"], "description": "The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file).\n\nSecurity Fix(es):\n\n* patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-06-27T22:07:33", "published": "2018-06-27T22:05:38", "id": "RHSA-2018:2097", "href": "https://access.redhat.com/errata/RHSA-2018:2097", "type": "redhat", "title": "(RHSA-2018:2097) Important: patch security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:27", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000156"], "description": "The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file).\n\nSecurity Fix(es):\n\n* patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-06-27T22:08:50", "published": "2018-06-27T22:05:05", "id": "RHSA-2018:2091", "href": "https://access.redhat.com/errata/RHSA-2018:2091", "type": "redhat", "title": "(RHSA-2018:2091) Important: patch security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:46", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000156"], "description": "The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file).\n\nSecurity Fix(es):\n\n* patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-06-27T22:07:50", "published": "2018-06-27T22:05:16", "id": "RHSA-2018:2093", "href": "https://access.redhat.com/errata/RHSA-2018:2093", "type": "redhat", "title": "(RHSA-2018:2093) Important: patch security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:08", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000156"], "description": "The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file).\n\nSecurity Fix(es):\n\n* patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-06-27T22:08:41", "published": "2018-06-27T22:05:22", "id": "RHSA-2018:2094", "href": "https://access.redhat.com/errata/RHSA-2018:2094", "type": "redhat", "title": "(RHSA-2018:2094) Important: patch security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:30", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000156"], "description": "The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file).\n\nPatch should be installed because it is a common way of upgrading applications.\n\nSecurity Fix(es):\n\n* patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-04-23T20:36:05", "published": "2018-04-23T20:32:14", "id": "RHSA-2018:1200", "href": "https://access.redhat.com/errata/RHSA-2018:1200", "type": "redhat", "title": "(RHSA-2018:1200) Important: patch security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:45", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000156"], "description": "The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file).\n\nSecurity Fix(es):\n\n* patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-06-27T22:25:24", "published": "2018-06-27T22:05:11", "id": "RHSA-2018:2092", "href": "https://access.redhat.com/errata/RHSA-2018:2092", "type": "redhat", "title": "(RHSA-2018:2092) Important: patch security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:23", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000156"], "description": "New patch packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\n14.2, and -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/patch-2.7.6-i586-1_slack14.2.txz: Upgraded.\n Fix arbitrary shell execution possible with obsolete ed format patches.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000156\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/patch-2.7.4-i486-2_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/patch-2.7.4-x86_64-2_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/patch-2.7.4-i486-2_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/patch-2.7.4-x86_64-2_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/patch-2.7.4-i486-2_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/patch-2.7.4-x86_64-2_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/patch-2.7.6-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/patch-2.7.6-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/patch-2.7.6-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/patch-2.7.6-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/patch-2.7.6-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/patch-2.7.6-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/patch-2.7.6-i586-2.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/patch-2.7.6-x86_64-2.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n00f35653789d712f57fee6fd1a835c92 patch-2.7.4-i486-2_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nbf6e8933c44da065140b0454494ba98c patch-2.7.4-x86_64-2_slack13.0.txz\n\nSlackware 13.1 package:\n4c65685da4d67a92b328448322b50deb patch-2.7.4-i486-2_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n38e180dbd12a98fc7f90a9778ad7d11f patch-2.7.4-x86_64-2_slack13.1.txz\n\nSlackware 13.37 package:\nc2f3110b04876a3cfc3161768c74f77f patch-2.7.4-i486-2_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n629fe112ebf36b9650cf5da59d8311f4 patch-2.7.4-x86_64-2_slack13.37.txz\n\nSlackware 14.0 package:\n6d178922fbfd8975a93056c9830f1a21 patch-2.7.6-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n498c13fa8188b43adf464aad371e3526 patch-2.7.6-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n96d7a27bc2f424de367d24272e5b9977 patch-2.7.6-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n12577a53b0e9aa01ec1c1a179418b5f5 patch-2.7.6-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n670e0e3a2a2aa8384a23401b81a6f149 patch-2.7.6-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\nca19d09f667e342854629acf0a8cc65e patch-2.7.6-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n5381cd04d5d311001c5bc096521bdf25 a/patch-2.7.6-i586-2.txz\n\nSlackware x86_64 -current package:\n6856f79a72dc3af760590822930ac64f a/patch-2.7.6-x86_64-2.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg patch-2.7.6-i586-1_slack14.2.txz", "modified": "2018-04-07T00:25:33", "published": "2018-04-07T00:25:33", "id": "SSA-2018-096-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.529530", "type": "slackware", "title": "[slackware-security] patch", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-06-04T20:20:51", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000156"], "description": "[2.6-8]\n- Fixed year overflow detected in rpmdiff\n[2.6-7]\n- Fixed CVE-2018-1000156 - Malicious patch files cause ed to execute arbitrary commands", "modified": "2018-04-23T00:00:00", "published": "2018-04-23T00:00:00", "id": "ELSA-2018-1199", "href": "http://linux.oracle.com/errata/ELSA-2018-1199.html", "type": "oraclelinux", "title": "patch security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-06-04T20:20:36", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000156"], "description": "[2.7.1-10]\n- Fixed Coverity reported issues\n[2.7.1-9]\n- Fixed CVE-2018-1000156 - Malicious patch files cause ed to execute arbitrary commands", "modified": "2018-04-23T00:00:00", "published": "2018-04-23T00:00:00", "id": "ELSA-2018-1200", "href": "http://linux.oracle.com/errata/ELSA-2018-1200.html", "type": "oraclelinux", "title": "patch security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000156"], "description": "Package : patch\nVersion : 2.6.1-3+deb7u1\nCVE ID : CVE-2018-1000156\nDebian Bug : #894993\n\nIt was discovered that there was an input validation vulnerability in the\npatch(1) utility where an ed(1) script embedded in a regular input file\ncould result in arbitrary code execution. This was reported by Rachel\nKroll [0] et al.\n\nFor Debian 7 "Wheezy", this issue has been fixed in patch version\n2.6.1-3+deb7u1.\n\nWe recommend that you upgrade your patch packages.\n\n [0] https://rachelbythebay.com/w/2018/04/05/bangpatch/\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-\n\n", "edition": 2, "modified": "2018-04-16T11:16:11", "published": "2018-04-16T11:16:11", "id": "DEBIAN:DLA-1348-1:CDB63", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201804/msg00013.html", "title": "[SECURITY] [DLA 1348-1] patch security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-12-08T03:36:49", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000156"], "description": "**CentOS Errata and Security Advisory** CESA-2018:1200\n\n\nThe patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file).\n\nPatch should be installed because it is a common way of upgrading applications.\n\nSecurity Fix(es):\n\n* patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-May/034930.html\n\n**Affected packages:**\npatch\n\n**Upstream details at:**\n", "edition": 4, "modified": "2018-05-30T18:24:23", "published": "2018-05-30T18:24:23", "id": "CESA-2018:1200", "href": "http://lists.centos.org/pipermail/centos-announce/2018-May/034930.html", "title": "patch security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-08T03:36:05", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000156"], "description": "**CentOS Errata and Security Advisory** CESA-2018:1199\n\n\nThe patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file).\n\nPatch should be installed because it is a common way of upgrading applications.\n\nSecurity Fix(es):\n\n* patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-May/034857.html\n\n**Affected packages:**\npatch\n\n**Upstream details at:**\n", "edition": 5, "modified": "2018-05-02T12:03:45", "published": "2018-05-02T12:03:45", "id": "CESA-2018:1199", "href": "http://lists.centos.org/pipermail/centos-announce/2018-May/034857.html", "title": "patch security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
