Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 552
Alerts This Week
Warning Icon 1 552

Ubuntu: 14.10 and 14.04 LTS USN-2651-1 Moderate: GNU Patch DoS

ubuntu
Calendar Grey June 22, 2015
Dist Ubuntu Esm H88
Various GNU diff flaws may result in unauthorized file modifications and service interruptions impacting numerous Debian distributions.
Several security issues were fixed in GNU patch.

Summary

Several security issues were fixed in GNU patch.

Software Description:

- patch: Apply a diff file to an original

Details:

Jakub Wilk discovered that GNU patch did not correctly handle file paths in

patch files. An attacker could specially craft a patch file that could

overwrite arbitrary files with the privileges of the user invoking the program.

This issue only affected Ubuntu 12.04 LTS. (CVE-2010-4651)

László Böszörményi discovered that GNU patch did not correctly handle some

patch files. An attacker could specially craft a patch file that could cause a

denial of service. (CVE-2014-9637)

Jakub Wilk discovered that GNU patch did not correctly handle symbolic links in

git style patch files. An attacker could specially craft a patch file that

could overwrite arbitrary files with the privileges of the user invoking the

program. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10.

(CVE-2015-1196)

Jakub Wilk discovered that GNU patch did not cor...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  patch                           2.7.1-5ubuntu0.3

Ubuntu 14.04 LTS:
  patch                           2.7.1-4ubuntu2.3

Ubuntu 12.04 LTS:
  patch                           2.6.1-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2651-1

CVE-2010-4651, CVE-2014-9637, CVE-2015-1196, CVE-2015-1395,

CVE-2015-1396

June 22, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.