AVG-619 log
| Package | patch |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 2.7.6-1 |
| Fixed | 2.7.6-3 |
| Current | 2.8-1 [core] |
| Ticket | FS#57526 |
| Created | Thu Feb 15 23:36:51 2018 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-1000156 | High | No | Arbitrary command execution | An arbitrary command execution vulnerability has been found in patch versions prior to 2.7.7 when applying ed-style patches. Due to insufficient... |
| CVE-2018-6952 | Medium | No | Denial of service | A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. An attacker could potentially use this flaw to crash the patch... |
| CVE-2018-6951 | Low | No | Denial of service | An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 09 Oct 2018 | ASA-201810-8 | patch | multiple issues |
| Notes |
|---|
Patch for CVE-2018-1000156 and CVE-2018-6952 was not applied therefor AVG-808 exists that addresses this issue properly. |