AVG-808 log

Package patch
Status Fixed
Severity High
Type multiple issues
Affected 2.7.6-3
Fixed 2.7.6-7
Current 2.7.6-10 [core]
Ticket FS#57526
Created Mon Nov 12 17:39:29 2018
Issue Severity Remote Type Description
CVE-2018-1000156 High No Arbitrary command execution
An arbitrary command execution vulnerability has been found in patch versions prior to 2.7.7 when applying ed-style patches. Due to insufficient...
CVE-2018-6952 Medium No Denial of service
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. An attacker could potentially use this flaw to crash the patch...
Date Advisory Package Type
12 Nov 2018 ASA-201811-14 patch multiple issues
Notes
Patch for CVE-2018-1000156 and CVE-2018-6952 was not applied in AVG-619 therefor this group exists that addresses this issue properly.