Showing 1 - 4 of 4

CVE-2015-1196

Status Candidate

Overview

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

Ubuntu Security Notice USN-2651-1: Posted Jun 22, 2015; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2651-1 - Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. Laszlo Boszormenyi discovered that GNU patch did not correctly handle some patch files. An attacker could specially craft a patch file that could cause a denial of service. Various other issues were also addressed.; tags | advisory, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2010-4651, CVE-2014-9637, CVE-2015-1196, CVE-2015-1395, CVE-2015-1396; SHA-256 | e43ff81e4eac19b638143530ecd655f45f29338ebb1060483b4634127142c235; Download | Favorite | View

Mandriva Linux Security Advisory 2015-138: Posted Mar 30, 2015; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2015-138 - It was reported that a crafted diff file can make patch eat memory and later segfault. It was reported that the versions of the patch utility that support Git-style patches are vulnerable to a directory traversal flaw. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch, with the privileges of the user running patch. GNU patch before 2.7.4 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.; tags | advisory, remote, arbitrary; systems | linux, mandriva; advisories | CVE-2014-9637, CVE-2015-1196, CVE-2015-1395; SHA-256 | 8f8e1c73634a3689d8e6323af40e9c4af6955c1e0849939e0b6d5b933cefd02c; Download | Favorite | View

Mandriva Linux Security Advisory 2015-050: Posted Mar 2, 2015; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2015-050 - It was reported that a crafted diff file can make patch eat memory and later segfault. It was reported that the versions of the patch utility that support Git-style patches are vulnerable to a directory traversal flaw. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch, with the privileges of the user running patch. GNU patch before 2.7.4 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.; tags | advisory, remote, arbitrary; systems | linux, mandriva; advisories | CVE-2014-9637, CVE-2015-1196, CVE-2015-1395; SHA-256 | dd7de176b34a952d25575c635b880b8c9dc41848d647c7ceb42a7c5c8cf1b677; Download | Favorite | View

Slackware Security Advisory - patch Updates: Posted Feb 16, 2015; Authored by Slackware Security Team | Site slackware.com; Slackware Security Advisory - New patch packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.; tags | advisory; systems | linux, slackware; advisories | CVE-2015-1196; SHA-256 | fe238ef2150aeead7d26e594876ec8bf81a81d4520601e123f7712c1a3a86010; Download | Favorite | View

Page 1 of 1 Back 1 Next