[arch-security] [ASA-201501-24] patch: multiple issues
Levente Polyak
anthraxx at archlinux.org
Wed Jan 28 00:43:23 UTC 2015
Arch Linux Security Advisory ASA-201501-24
==========================================
Severity: Medium
Date : 2015-01-28
CVE-ID : CVE-2015-1196 CVE-2014-9637
Package : patch
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
The package patch before version 2.7.3-1 is vulnerable to directory
traversal and denial of service via memory consumption.
Resolution
==========
Upgrade to 2.7.3-1.
# pacman -Syu "patch>=2.7.3-1"
The problems have been fixed upstream in version 2.7.3.
Workaround
==========
None.
Description
===========
- CVE-2015-1196 (directory traversal)
A directory traversal flaw was discovered that allows remote attackers
to write to arbitrary files via a symlink attack in a patch file. This
could allow an attacker to overwrite arbitrary files by applying a
specially crafted patch, with the privileges of the user running patch.
- CVE-2014-9637 (denial of service)
It was reported that a crafted patch file can consume all available
memory and later segfault resulting in denial of service.
Impact
======
A remote attacker is able to write to arbitrary files via a symlink
attack or consume all available memory via a crafted patch file leading
to denial of service.
References
==========
http://seclists.org/oss-sec/2015/q1/173
http://seclists.org/oss-sec/2015/q1/218
https://savannah.gnu.org/bugs/?44051
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1196
https://access.redhat.com/security/cve/CVE-2014-9637
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20150128/a55fc050/attachment.asc>
More information about the arch-security
mailing list