Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:1162-1

Опубликовано: 07 мая 2018
Источник: suse-cvrf

Описание

Security update for patch

This update for patch fixes several issues.

These security issues were fixed:

  • CVE-2018-1000156: patch: Malicious patch files cause ed to execute arbitrary commands (bsc#1088420).
  • CVE-2014-9637: Prevent DoS by remote attackers (memory consumption and segmentation fault) via a crafted diff file (bsc#914891).
  • CVE-2016-10713: Prevent out-of-bounds access within pch_write_line() that could have lead to DoS via a crafted input file (bsc#1080918).
  • CVE-2010-4651: Fixed a directory traversal bug (bsc#662957):

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3
patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Server 11 SP3-LTSS
patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Server 11 SP4
patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
patch-2.5.9-252.22.7.1

Ссылки

Описание

Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Server 11 SP3-LTSS:patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Server 11 SP4:patch-2.5.9-252.22.7.1
Ссылки

Описание

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Server 11 SP3-LTSS:patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Server 11 SP4:patch-2.5.9-252.22.7.1
Ссылки

Описание

An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Server 11 SP3-LTSS:patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Server 11 SP4:patch-2.5.9-252.22.7.1
Ссылки

Описание

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Server 11 SP3-LTSS:patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Server 11 SP4:patch-2.5.9-252.22.7.1
Ссылки