{"id":"MGASA-2015-0068","summary":"Updated patch packages fix security vulnerabilities","details":"Updated patch package fixes security vulnerabilities:\n\nIt was reported that a crafted diff file can make patch eat memory and later\nsegfault (CVE-2014-9637).\n\nIt was reported that the versions of the patch utility that support Git-style\npatches are vulnerable to a directory traversal flaw. This could allow an\nattacker to overwrite arbitrary files by applying a specially crafted patch,\nwith the privileges of the user running patch (CVE-2015-1395).\n\nGNU patch before 2.7.4 allows remote attackers to write to arbitrary files via\na symlink attack in a patch file (CVE-2015-1196).\n","modified":"2026-04-16T01:45:56.138605520Z","published":"2015-02-17T18:38:13Z","upstream":["CVE-2014-9637","CVE-2015-1196","CVE-2015-1395"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0068.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15142"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2015-February/149140.html"}],"affected":[{"package":{"name":"patch","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/patch?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.4-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0068.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}