Twenty Year Anniversary
Showing 1 - 12 of 12 RSS Feed

CVE-2018-1000156

Status Candidate

Overview

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.

Related Files

Red Hat Security Advisory 2018-2091-01
Posted Jun 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2091-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-1000156
MD5 | c0de3a837a5a3c5122cb157f596aed83
Red Hat Security Advisory 2018-2092-01
Posted Jun 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2092-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-1000156
MD5 | 095202fc4ff21b9726f7b4f199e3dc3e
Red Hat Security Advisory 2018-2097-01
Posted Jun 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2097-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-1000156
MD5 | 25a39dba28729ed6617399de4b3b2a51
Red Hat Security Advisory 2018-2095-01
Posted Jun 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2095-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-1000156
MD5 | 3dd269eaf342d8a3935b456c03d8b4fe
Red Hat Security Advisory 2018-2093-01
Posted Jun 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2093-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-1000156
MD5 | e12e5b0c51549549c444b01436075b97
Red Hat Security Advisory 2018-2094-01
Posted Jun 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2094-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-1000156
MD5 | 1d8fca2553b9304323f83d4958a05409
Red Hat Security Advisory 2018-2096-01
Posted Jun 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2096-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-1000156
MD5 | 8cc3a47e555fbec3e90a03ecfe1d03fb
Red Hat Security Advisory 2018-1200-01
Posted Apr 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1200-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Patch should be installed because it is a common way of upgrading applications. Issues addressed include a patching vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1000156
MD5 | 4df6523dece120253a17691a49bf85b9
Red Hat Security Advisory 2018-1199-01
Posted Apr 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1199-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Patch should be installed because it is a common way of upgrading applications. Issues addressed include a patching vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1000156
MD5 | e7aef592f79407723a43b679bd64904d
Ubuntu Security Notice USN-3624-2
Posted Apr 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3624-2 - USN-3624-1 fixed a vulnerability in Patch. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-10713, CVE-2018-1000156
MD5 | 971e4a2d00b4d3b923c13b578f6c3ce6
Ubuntu Security Notice USN-3624-1
Posted Apr 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3624-1 - It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. It was discovered that Patch incorrectly handled certain input validation. An attacker could possibly use this to execute arbitrary code. It was discovered that Patch incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-10713, CVE-2018-1000156, CVE-2018-6951
MD5 | 9e70bb7ed2470ea8719d2c9b41d1409e
Slackware Security Advisory - patch Updates
Posted Apr 6, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New patch packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-1000156
MD5 | d82d0bb32c2cf43806488c987a1059fb
Page 1 of 1
Back1Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close