[3.5] patch: Multiple vulnerabilities (CVE-2016-10713, CVE-2018-6951, CVE-2018-6952)
CVE-2016-10713: Out-of-bounds access in pch_write_line function in pch.c
A flaw was found in GNU patch before 2.7.6: an out-of-bounds access within the pch_write_line() function in pch.c, which can lead to a denial of service via a crafted input file.
References:
http://savannah.gnu.org/bugs/?53132
Patch:
https://bugzilla.redhat.com/show_bug.cgi?id=1545405
CVE-2018-6951: NULL pointer dereference in pch.c:intuit_diff_type() causes a crash
GNU patch through version 2.7.6 in pch.c:intuit_diff_type() is vulnerable to a crash caused by a malicious patch file.
References:
https://savannah.gnu.org/bugs/index.php?53132
Patch:
https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a
CVE-2018-6952: Double free of memory in pch.c:another_hunk() causes a crash
GNU patch through version 2.7.6 is vulnerable to a double freeing of memory when supplied with a crafted patch file, leading to a crash.
References:
https://savannah.gnu.org/bugs/index.php?53133
(from redmine: issue id 8565, created on 2018-02-23, closed on 2019-05-04)
- Relations:
  - parent #8562
- Changesets:
  - Revision 28c10738 on 2018-02-28T13:50:14Z:
    main/patch: security fix (CVE-2018-6951)
    Partially fixes #8565
    Patch for CVE-2018-6952 not yet available:
    https://savannah.gnu.org/bugs/index.php?53133
  - Revision 84c727e6 on 2018-02-28T13:56:44Z:
    main/patch: security fix (CVE-2016-10713)
    Partially fixes #8565