AVG-808 log
| Package | patch |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 2.7.6-3 |
| Fixed | 2.7.6-7 |
| Current | 2.7.6-10 [core] |
| Ticket | FS#57526 |
| Created | Mon Nov 12 17:39:29 2018 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-1000156 | High | No | Arbitrary command execution | An arbitrary command execution vulnerability has been found in patch versions prior to 2.7.7 when applying ed-style patches. Due to insufficient... |
| CVE-2018-6952 | Medium | No | Denial of service | A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. An attacker could potentially use this flaw to crash the patch... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 12 Nov 2018 | ASA-201811-14 | patch | multiple issues |
| Notes |
|---|
Patch for CVE-2018-1000156 and CVE-2018-6952 was not applied in AVG-619 therefor this group exists that addresses this issue properly. |