Test ID: 1.3.6.1.4.1.25623.1.1.10.2020.0093
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2020-0093)
Summary: The remote host is missing an update for the 'patch' package(s) announced via the MGASA-2020-0093 advisory.
Description: Summary:
The remote host is missing an update for the 'patch' package(s) announced via the MGASA-2020-0093 advisory.

Vulnerability Insight:
Updated patch package fixes security vulnerabilities:

* In GNU patch through 2.7.6, the following of symlinks is mishandled
in certain cases other than input files (CVE-2019-13636).

* GNU patch through 2.7.6 is vulnerable to OS shell command injection
that can be exploited by opening a crafted patch file that contains an
ed style diff payload with shell metacharacters (CVE-2019-13638).

* do_ed_script in pch.c in GNU patch through 2.7.6 does not block
strings beginning with a ! character. NOTE: this is the same commit as
for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated
to a shell metacharacter (CVE-2018-20969).

Affected Software/OS:
'patch' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2018-20969
Bugtraq: 20190816 Details about recent GNU patch vulnerabilities
https://seclists.org/bugtraq/2019/Aug/29
http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html
https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
https://github.com/irsl/gnu-patch-vulnerabilities
RedHat Security Advisories: RHSA-2019:2798
https://access.redhat.com/errata/RHSA-2019:2798
RedHat Security Advisories: RHSA-2019:2964
https://access.redhat.com/errata/RHSA-2019:2964
RedHat Security Advisories: RHSA-2019:3757
https://access.redhat.com/errata/RHSA-2019:3757
RedHat Security Advisories: RHSA-2019:3758
https://access.redhat.com/errata/RHSA-2019:3758
RedHat Security Advisories: RHSA-2019:4061
https://access.redhat.com/errata/RHSA-2019:4061
Common Vulnerability Exposure (CVE) ID: CVE-2019-13636
Bugtraq: 20190730 [SECURITY] [DSA 4489-1] patch security update
https://seclists.org/bugtraq/2019/Jul/54
Debian Security Information: DSA-4489
https://www.debian.org/security/2019/dsa-4489
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/
https://security.gentoo.org/glsa/201908-22
https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a
https://lists.debian.org/debian-lts-announce/2019/07/msg00016.html
https://usn.ubuntu.com/4071-1/
https://usn.ubuntu.com/4071-2/
Common Vulnerability Exposure (CVE) ID: CVE-2019-13638
https://security-tracker.debian.org/tracker/CVE-2019-13638
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.