Mandriva Linux Security Advisory : patch (MDVSA-2015:050)
Medium Nessus Plugin ID 81933
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionUpdated patch package fixes security vulnerabilities :
It was reported that a crafted diff file can make patch eat memory and later segfault (CVE-2014-9637).
It was reported that the versions of the patch utility that support Git-style patches are vulnerable to a directory traversal flaw. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch, with the privileges of the user running patch (CVE-2015-1395).
GNU patch before 2.7.4 allows remote attackers to write to arbitrary files via a symlink attack in a patch file (CVE-2015-1196).
SolutionUpdate the affected patch package.