What Are You Looking For?

Sign Up

Package        : patch
Version        : 2.6.1-3+deb7u1
CVE ID         : CVE-2018-1000156
Debian Bug     : #894993

It was discovered that there was an input validation vulnerability in the
patch(1) utility where an ed(1) script embedded in a regular input file
could result in arbitrary code execution. This was reported by Rachel
Kroll [0] et al.

For Debian 7 "Wheezy", this issue has been fixed in patch version
2.6.1-3+deb7u1.

We recommend that you upgrade your patch packages.

  [0] https://rachelbythebay.com/w/2018/04/05/bangpatch/


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

Debian LTS: DLA-1348-1: patch security update

April 16, 2018
It was discovered that there was an input validation vulnerability in the patch(1) utility where an ed(1) script embedded in a regular input file could result in arbitrary code exe...

Summary

We recommend that you upgrade your patch packages.

[0] https://rachelbythebay.com/w/2018/04/05/bangpatch/


Regards,

- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-



Severity
Package : patch
Version : 2.6.1-3+deb7u1
CVE ID : CVE-2018-1000156
Debian Bug : #894993

Related News

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

Nov 25, 2023

Severe Chromium Bug Threatens Sensitive Data, System Availability

Nov 13, 2023

From Heartbleed to Now: Evolving Threats in OpenSSL and How to Guard Against Them

Nov 17, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo