AVG-619

Package patch
Status Fixed
Severity High
Type multiple issues
Affected 2.7.6-1
Fixed 2.7.6-3
Current 2.7.6-7 [core]
Ticket FS#57526
Created Thu Feb 15 23:36:51 2018
Issue Severity Remote Type Description
CVE-2018-6952 Medium No Denial of service
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. An attacker could potentially use this flaw to crash the patch...
CVE-2018-6951 Low No Denial of service
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of...
CVE-2018-1000156 High No Arbitrary command execution
An arbitrary command execution vulnerability has been found in patch versions prior to 2.7.7 when applying ed-style patches. Due to insufficient...
Date Advisory Package Description
09 Oct 2018 ASA-201810-8 patch multiple issues
Notes
Patch for CVE-2018-1000156 and CVE-2018-6952 was not applied therefor AVG-808 exists that addresses this issue properly.