Arch Linux Security Advisory ASA-201501-24 ========================================== Severity: Medium Date : 2015-01-28 CVE-ID : CVE-2015-1196 CVE-2014-9637 Package : patch Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package patch before version 2.7.3-1 is vulnerable to directory traversal and denial of service via memory consumption. Resolution ========== Upgrade to 2.7.3-1. # pacman -Syu "patch>=2.7.3-1" The problems have been fixed upstream in version 2.7.3. Workaround ========== None. Description =========== - CVE-2015-1196 (directory traversal) A directory traversal flaw was discovered that allows remote attackers to write to arbitrary files via a symlink attack in a patch file. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch, with the privileges of the user running patch. - CVE-2014-9637 (denial of service) It was reported that a crafted patch file can consume all available memory and later segfault resulting in denial of service. Impact ====== A remote attacker is able to write to arbitrary files via a symlink attack or consume all available memory via a crafted patch file leading to denial of service. References ========== http://seclists.org/oss-sec/2015/q1/173 http://seclists.org/oss-sec/2015/q1/218 https://savannah.gnu.org/bugs/?44051 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1196 https://access.redhat.com/security/cve/CVE-2014-9637