Vulnerabilities > CVE-2018-6952 - Double Free vulnerability in GNU Patch

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
gnu
CWE-415
nessus

Summary

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0253_PATCH.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has patch packages installed that are affected by multiple vulnerabilities: - An issue was discovered in GNU patch before 2.7.6. Out- of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. (CVE-2016-10713) - A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. (CVE-2018-6952) - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156. (CVE-2019-13638) - do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. (CVE-2018-20969) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132496
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132496
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : patch Multiple Vulnerabilities (NS-SA-2019-0253)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0253. The text
    # itself is copyright (C) ZTE, Inc.
    
    include('compat.inc');
    
    if (description)
    {
      script_id(132496);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id(
        "CVE-2016-10713",
        "CVE-2018-6952",
        "CVE-2018-20969",
        "CVE-2019-13638"
      );
      script_bugtraq_id(103047, 103063);
    
      script_name(english:"NewStart CGSL CORE 5.05 / MAIN 5.05 : patch Multiple Vulnerabilities (NS-SA-2019-0253)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has patch packages installed that are affected by
    multiple vulnerabilities:
    
      - An issue was discovered in GNU patch before 2.7.6. Out-
        of-bounds access within pch_write_line() in pch.c can
        possibly lead to DoS via a crafted input file.
        (CVE-2016-10713)
    
      - A double free exists in the another_hunk function in
        pch.c in GNU patch through 2.7.6. (CVE-2018-6952)
    
      - GNU patch through 2.7.6 is vulnerable to OS shell
        command injection that can be exploited by opening a
        crafted patch file that contains an ed style diff
        payload with shell metacharacters. The ed editor does
        not need to be present on the vulnerable system. This is
        different from CVE-2018-1000156. (CVE-2019-13638)
    
      - do_ed_script in pch.c in GNU patch through 2.7.6 does
        not block strings beginning with a ! character. NOTE:
        this is the same commit as for CVE-2019-13638, but the !
        syntax is specific to ed, and is unrelated to a shell
        metacharacter. (CVE-2018-20969)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0253");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL patch packages. Note that updated packages may not be available yet. Please contact ZTE for
    more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13638");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/31");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL CORE 5.05" &&
        release !~ "CGSL MAIN 5.05")
      audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL CORE 5.05": [
        "patch-2.7.1-12.el7_7",
        "patch-debuginfo-2.7.1-12.el7_7"
      ],
      "CGSL MAIN 5.05": [
        "patch-2.7.1-12.el7_7",
        "patch-debuginfo-2.7.1-12.el7_7"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "patch");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-D547A126E7.NASL
    descriptionSecurity fix for CVE-2018-6951 and CVE-2018-6952 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-10-22
    plugin id118245
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118245
    titleFedora 27 : patch (2018-d547a126e7)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_PATCH_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - patch: Out-of-bounds access in pch_write_line function in pch.c (CVE-2016-10713) - patch: Double free of memory in pch.c:another_hunk() causes a crash (CVE-2018-6952)
    last seen2020-03-18
    modified2019-08-27
    plugin id128249
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128249
    titleScientific Linux Security Update : patch on SL7.x x86_64 (20190806)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0205_PATCH.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has patch packages installed that are affected by multiple vulnerabilities: - An issue was discovered in GNU patch before 2.7.6. Out- of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. (CVE-2016-10713) - A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. (CVE-2018-6952) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id129931
    published2019-10-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129931
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : patch Multiple Vulnerabilities (NS-SA-2019-0205)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1317.NASL
    descriptiondo_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638 , but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.(CVE-2018-20969) GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156 .(CVE-2019-13638) A heap-based out-of-bounds read flaw was found in the way the patch utility parsed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patch files.(CVE-2016-10713) A double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches.(CVE-2018-6952)
    last seen2020-06-01
    modified2020-06-02
    plugin id130214
    published2019-10-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130214
    titleAmazon Linux 2 : patch (ALAS-2019-1317)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2033.NASL
    descriptionAn update for patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Security Fix(es) : * patch: Out-of-bounds access in pch_write_line function in pch.c (CVE-2016-10713) * patch: Double free of memory in pch.c:another_hunk() causes a crash (CVE-2018-6952) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128334
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128334
    titleCentOS 7 : patch (CESA-2019:2033)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_791841A3D4844878890992EF9CE424F4.NASL
    descriptionNVD reports : An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a
    last seen2020-06-01
    modified2020-06-02
    plugin id118902
    published2018-11-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118902
    titleFreeBSD : patch -- multiple vulnerabilities (791841a3-d484-4878-8909-92ef9ce424f4)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2004.NASL
    descriptionAccording to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.(CVE-2015-1395) - A double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches.(CVE-2018-6952) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-24
    plugin id129197
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129197
    titleEulerOS 2.0 SP3 : patch (EulerOS-SA-2019-2004)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-90AF6F5B8A.NASL
    descriptionsecurity fix for CVE-2018-6952 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120616
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120616
    titleFedora 29 : patch (2018-90af6f5b8a)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2033.NASL
    descriptionAn update for patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Security Fix(es) : * patch: Out-of-bounds access in pch_write_line function in pch.c (CVE-2016-10713) * patch: Double free of memory in pch.c:another_hunk() causes a crash (CVE-2018-6952) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127652
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127652
    titleRHEL 7 : patch (RHSA-2019:2033)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1312.NASL
    descriptiondo_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638 , but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.(CVE-2018-20969) GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156 . (CVE-2019-13638) A heap-based out-of-bounds read flaw was found in the way the patch utility parsed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patch files.(CVE-2016-10713) A double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches.(CVE-2018-6952)
    last seen2020-06-01
    modified2020-06-02
    plugin id130282
    published2019-10-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130282
    titleAmazon Linux AMI : patch (ALAS-2019-1312)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1801.NASL
    descriptionAccording to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.(CVE-2015-1395) - A double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches.(CVE-2018-6952) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-08-23
    plugin id128093
    published2019-08-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128093
    titleEulerOS 2.0 SP5 : patch (EulerOS-SA-2019-1801)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-B127E58641.NASL
    descriptionNew upstream release, including security fixes for CVE-2016-10713, CVE-2018-6951, CVE-2018-6952. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-02-21
    plugin id106915
    published2018-02-21
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106915
    titleFedora 27 : patch (2018-b127e58641)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0102.NASL
    descriptionAn update of 'patch' packages of Photon OS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id118308
    published2018-10-22
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=118308
    titlePhoton OS 2.0: Patch PHSA-2018-2.0-0102 (deprecated)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0102_PATCH.NASL
    descriptionAn update of the patch package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121998
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121998
    titlePhoton OS 2.0: Patch PHSA-2018-2.0-0102
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0189_PATCH.NASL
    descriptionAn update of the patch package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121891
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121891
    titlePhoton OS 1.0: Patch PHSA-2018-1.0-0189
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-C255F16BFE.NASL
    descriptionSecurity fix for CVE-2018-6951 and CVE-2018-6952 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120761
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120761
    titleFedora 28 : patch (2018-c255f16bfe)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1863.NASL
    descriptionAccording to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.(CVE-2015-1395) - A double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches.(CVE-2018-6952) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-17
    plugin id128915
    published2019-09-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128915
    titleEulerOS 2.0 SP2 : patch (EulerOS-SA-2019-1863)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1446.NASL
    descriptionAccording to the versions of the patch package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.(CVE-2018-6952) - Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.(CVE-2015-1395) - An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.(CVE-2016-10713) - GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.(CVE-2014-9637) - This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.(CVE-2015-1196) - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.(CVE-2019-13638) - do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.(CVE-2018-20969) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-30
    modified2020-04-16
    plugin id135608
    published2020-04-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135608
    titleEulerOS Virtualization 3.0.2.2 : patch (EulerOS-SA-2020-1446)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1922.NASL
    descriptionAccording to the versions of the patch package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches.(CVE-2018-6952) - Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.(CVE-2015-1395) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128844
    published2019-09-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128844
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : patch (EulerOS-SA-2019-1922)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0189.NASL
    descriptionAn update of 'patch' packages of Photon OS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id118208
    published2018-10-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=118208
    titlePhoton OS 1.0: Patch PHSA-2018-1.0-0189 (deprecated)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201904-17.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201904-17 (Patch: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Patch. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id124130
    published2019-04-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124130
    titleGLSA-201904-17 : Patch: Multiple vulnerabilities

Redhat

advisories
bugzilla
id1653294
titlepatch: Gnulib bundled but no bundled(gnulib) provides
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 7 is installed
      ovaloval:com.redhat.rhba:tst:20150364027
    • commentpatch is earlier than 0:2.7.1-11.el7
      ovaloval:com.redhat.rhsa:tst:20192033001
    • commentpatch is signed with Red Hat redhatrelease2 key
      ovaloval:com.redhat.rhsa:tst:20181199002
rhsa
idRHSA-2019:2033
released2019-08-06
severityLow
titleRHSA-2019:2033: patch security and bug fix update (Low)
rpms
  • patch-0:2.7.1-11.el7
  • patch-debuginfo-0:2.7.1-11.el7