what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice USN-2651-1

Ubuntu Security Notice USN-2651-1
Posted Jun 22, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2651-1 - Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. Laszlo Boszormenyi discovered that GNU patch did not correctly handle some patch files. An attacker could specially craft a patch file that could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-4651, CVE-2014-9637, CVE-2015-1196, CVE-2015-1395, CVE-2015-1396
SHA-256 | e43ff81e4eac19b638143530ecd655f45f29338ebb1060483b4634127142c235

Ubuntu Security Notice USN-2651-1

Change Mirror Download
==========================================================================
Ubuntu Security Notice USN-2651-1
June 22, 2015

patch vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in GNU patch.

Software Description:
- patch: Apply a diff file to an original

Details:

Jakub Wilk discovered that GNU patch did not correctly handle file paths in
patch files. An attacker could specially craft a patch file that could
overwrite arbitrary files with the privileges of the user invoking the program.
This issue only affected Ubuntu 12.04 LTS. (CVE-2010-4651)

László Böszörményi discovered that GNU patch did not correctly handle some
patch files. An attacker could specially craft a patch file that could cause a
denial of service. (CVE-2014-9637)

Jakub Wilk discovered that GNU patch did not correctly handle symbolic links in
git style patch files. An attacker could specially craft a patch file that
could overwrite arbitrary files with the privileges of the user invoking the
program. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10.
(CVE-2015-1196)

Jakub Wilk discovered that GNU patch did not correctly handle file renames in
git style patch files. An attacker could specially craft a patch file that
could overwrite arbitrary files with the privileges of the user invoking the
program. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10.
(CVE-2015-1395)

Jakub Wilk discovered the fix for CVE-2015-1196 was incomplete for GNU patch.
An attacker could specially craft a patch file that could overwrite arbitrary
files with the privileges of the user invoking the program. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1396)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
patch 2.7.1-5ubuntu0.3

Ubuntu 14.04 LTS:
patch 2.7.1-4ubuntu2.3

Ubuntu 12.04 LTS:
patch 2.6.1-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2651-1
CVE-2010-4651, CVE-2014-9637, CVE-2015-1196, CVE-2015-1395,
CVE-2015-1396

Package Information:
https://launchpad.net/ubuntu/+source/patch/2.7.1-5ubuntu0.3
https://launchpad.net/ubuntu/+source/patch/2.7.1-4ubuntu2.3
https://launchpad.net/ubuntu/+source/patch/2.6.1-3ubuntu0.1

Login or Register to add favorites

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close