CVE-2015-1196

Publication date 21 January 2015

Last updated 24 July 2024


Ubuntu priority

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.


Status

Package   Ubuntu Release      Status
patch     15.04 vivid         Fixed 2.7.3-1
          14.10 utopic        Fixed 2.7.1-5ubuntu0.3
          14.04 LTS trusty    Fixed 2.7.1-4ubuntu2.3
          12.04 LTS precise   Not affected
          10.04 LTS lucid     Not affected

Notes


mdeslaur

git-style patch support added in 2.7
no upstream fix as of 2015-01-19


seth-arnold

fix for the fix http://git.savannah.gnu.org/cgit/patch.git/commit/?id=41688ad8ef88bc296f3bed30b171ec73e5876b88

Patch details

For informational purposes only. We recommend against cherry-picking updates.

Package Patch details
patch

References

Related Ubuntu Security Notices (USN)

    • USN-2651-1: GNU patch vulnerabilities (22 June 2015)

Other references