Fedora has issued an advisory today (October 15):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DTAZPKCAJTAOK6CYQP7SPWNXDIAG4A37/
Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Assigning to the registered maintainer.
CC: (none) => marja11
Assignee: bugsquad => tmb
CVE-2018-6951 is fixed by upstream patch:
https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a
CVE-2018-6952 is fixed by upstream patch:
http://git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300
Pushing patch-2.7.6-4.mga7 to cauldron.
Status: NEW => ASSIGNED
Version: Cauldron => 6
CC: (none) => bruno
Assignee: tmb => bruno
Whiteboard: MGA6TOO => (none)
patch-2.7.6-1.1.mga6 on its way for testing_updates for mga6
Assignee: bruno => qa-bugs
Advisory:
========================

Updated patch packages fix security vulnerabilities:

A NULL pointer dereference flaw was found in the way patch processed patch files. An attacker could potentially use this flaw to crash patch by tricking it into processing crafted patches (CVE-2018-6951).

A double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches (CVE-2018-6952).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DTAZPKCAJTAOK6CYQP7SPWNXDIAG4A37/
========================

Updated packages in core/updates_testing:
========================
patch-2.7.6-1.1.mga6

from patch-2.7.6-1.1.mga6.src.rpm
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues
Followed test as per bug 22587 Comment 11
$ mkdir dir1
$ ln -s dir1 dir2
$ echo a > dir2/a
$ echo b > dir2/b
$ diff -u dir2/a dir2/b > foo.diff
$ patch -p0 < foo.diff
patching file dir2/a
$ more dir2/a
b
OK for me.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA6-32-OK
Thank you Herman for the test. Advisoried from comment 4; and validating.
Keywords: (none) => advisory, validated_update
CC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0448.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED