Security: Multiple issues in patch

Name: Multiple issues in patch
ID: USN-2651-1
Distribution: Ubuntu
Platforms: Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 14.10
Date: Tue, 23 June 2015, 08:31
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1396
Applications: patch

Original message
==========================================================================
Ubuntu Security Notice USN-2651-1
June 22, 2015

patch vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in GNU patch.
Software Description:
- patch: Apply a diff file to an original
Details:
Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. (CVE-2010-4651)
László Böszörményi discovered that GNU patch did not correctly handle some patch files. An attacker could specially craft a patch file that could cause a denial of service. (CVE-2014-9637)
Jakub Wilk discovered that GNU patch did not correctly handle symbolic links in git style patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1196)
Jakub Wilk discovered that GNU patch did not correctly handle file renames in git style patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1395)
Jakub Wilk discovered the fix for CVE-2015-1196 was incomplete for GNU patch. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1396)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: patch 2.7.1-5ubuntu0.3
Ubuntu 14.04 LTS: patch 2.7.1-4ubuntu2.3
Ubuntu 12.04 LTS: patch 2.6.1-3ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2651-1
CVE-2010-4651, CVE-2014-9637, CVE-2015-1196, CVE-2015-1395, CVE-2015-1396

Package Information:
https://launchpad.net/ubuntu/+source/patch/2.7.1-5ubuntu0.3
https://launchpad.net/ubuntu/+source/patch/2.7.1-4ubuntu2.3
https://launchpad.net/ubuntu/+source/patch/2.6.1-3ubuntu0.1
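The following pre-apply check is an added example, not part of the advisory or of GNU patch: it flags the constructs the Details section names (file paths, symbolic links and renames in git-style patches) so a patch from an untrusted source can be reviewed before it is applied. Treating absolute paths and `..` components as the risky path forms is this example's assumption, and the names `escapes`, `scan_patch` and `SAMPLE` are hypothetical.

```python
import re

SYMLINK_MODE = "120000"  # git's file mode for a symbolic link
HEADER = re.compile(r"^(?:---|\+\+\+) ([^\t]+)")           # old/new file name
MODE = re.compile(r"^(?:new file|deleted file|old|new) mode (\d{6})\s*$")
MOVE = re.compile(r"^(?:rename|copy) (?:from|to) (.+)$")   # git-style rename/copy

def escapes(path):
    """Assumed risky forms: absolute paths and paths with a '..' component."""
    path = path.strip()
    if path == "/dev/null":        # conventional name for "no such file"
        return False
    if path[:2] in ("a/", "b/"):   # prefix git puts on header paths
        path = path[2:]
    return path.startswith("/") or ".." in path.split("/")

def scan_patch(text):
    """Return (line_number, kind) pairs worth reviewing before applying."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        mode, move, header = MODE.match(line), MOVE.match(line), HEADER.match(line)
        if mode and mode.group(1) == SYMLINK_MODE:
            findings.append((number, "symlink"))
        elif move and escapes(move.group(1)):
            findings.append((number, "rename"))
        elif header and escapes(header.group(1)):
            findings.append((number, "path"))
    return findings

# Constructed sample, not taken from any real patch.
SAMPLE = """\
diff --git a/README b/README
--- a/README
+++ b/README
@@ -1 +1 @@
-old
+new
diff --git a/docs/link b/docs/link
new file mode 120000
diff --git a/notes.txt b/../outside.txt
rename from notes.txt
rename to ../outside.txt
--- old/file.c
+++ ../../file.c
"""

if __name__ == "__main__":
    for number, kind in scan_patch(SAMPLE):
        print(f"line {number}: {kind}")
```

The check is a line-based heuristic: a hunk body line that happens to begin with `--- ` or `+++ ` is also inspected, so findings are prompts for review rather than verdicts.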