Debian Bug report logs - #894993
patch: CVE-2018-1000156: input validation vulnerability when processing patch files
Package:
src:patch;
Maintainer for src:patch is Laszlo Boszormenyi (GCS) <gcs@debian.org>;
Reported by: "brian m. carlson" <sandals@crustytoothpaste.net>
Date: Thu, 5 Apr 2018 23:24:02 UTC
Severity: g ...
Imre Rad discovered several vulnerabilities in GNU patch, leading to
shell command injection or escape from the working directory and access
and overwrite files, if specially crafted patch files are processed.
This update includes a bugfix for a regression introduced by the patch
to address CVE-2018-1000156 when applying an ed-style patch (#933140) ...
Several security issues were fixed in Patch ...
Synopsis
Important: patch security update
Type/Severity
Security Advisory: Important
Topic
An update for patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whi ...
Synopsis
Important: patch security update
Type/Severity
Security Advisory: Important
Topic
An update for patch is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: patch security update
Type/Severity
Security Advisory: Important
Topic
An update for patch is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: patch security update
Type/Severity
Security Advisory: Important
Topic
An update for patch is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: patch security update
Type/Severity
Security Advisory: Important
Topic
An update for patch is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: patch security update
Type/Severity
Security Advisory: Important
Topic
An update for patch is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: patch security update
Type/Severity
Security Advisory: Important
Topic
An update for patch is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whi ...
Synopsis
Important: patch security update
Type/Severity
Security Advisory: Important
Topic
An update for patch is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a s ...
Synopsis
Important: patch security update
Type/Severity
Security Advisory: Important
Topic
An update for patch is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solut ...
Malicious patch files cause ed to execute arbitrary commands. GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to Free ...
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common anc ...
An arbitrary command execution vulnerability has been found in patch versions prior to 2.7.7 when applying ed-style patches. Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch to pass certain ed scripts to the ed editor, which would run commands. This issue could be exploited to execute arbitr ...