Your submission was sent successfully! Close

CVE-2015-1196

Published: 21 January 2015

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

Notes

AuthorNote
mdeslaur 
git-style patch support added in 2.7
no upstream fix as of 2015-01-19
seth-arnold 
fix for the fix http://git.savannah.gnu.org/cgit/patch.git/commit/?id=41688ad8ef88bc296f3bed30b171ec73e5876b88
Priority

Medium

Status

Package Release Status
patch
Launchpad, Ubuntu, Debian 		lucid Not vulnerable
(2.6-2ubuntu1)
precise Not vulnerable
(2.6.1-3)
trusty
Released (2.7.1-4ubuntu2.3)
upstream
Released (2.7.1-7)
utopic
Released (2.7.1-5ubuntu0.3)
vivid
Released (2.7.3-1)
Patches:
upstream: http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading