rpm package
suse/patch&distro=SUSE Linux Enterprise Server 11 SP3-TERADATA
pkg:rpm/suse/patch&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1000156 | High | 7.8 | | < 2.5.9-252.22.7.1 | 2.5.9-252.22.7.1 | Apr 6, 2018 | GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is simil |
| CVE-2016-10713 | Medium | 5.5 | | < 2.5.9-252.22.7.1 | 2.5.9-252.22.7.1 | Feb 13, 2018 | An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. |
| CVE-2014-9637 | Medium | 5.5 | | < 2.5.9-252.22.7.1 | 2.5.9-252.22.7.1 | Aug 25, 2017 | GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. |
| CVE-2010-4651 | — | | | < 2.5.9-252.22.7.1 | 2.5.9-252.22.7.1 | Mar 11, 2011 | Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679. |