Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2015-1416

Published: 5 February 2018

Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.

Notes

AuthorNote
seth-arnold 
MITRE defined this CVE for version < 2.3 but didn't inspect newer
versions for similar flaws.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
patch
Launchpad, Ubuntu, Debian 		upstream
Released (2.5-1)
precise Not vulnerable
(2.6.1-3ubuntu0.1)
trusty Not vulnerable

vivid Not vulnerable

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading