Debian Security Advisory

DLA-1348-1 patch -- LTS security update

Date Reported:
16 Apr 2018
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2018-1000156.
More information:

It was discovered that there was an input validation vulnerability in the patch(1) utility where an ed(1) script embedded in a regular input file could result in arbitrary code execution. This was reported by Rachel Kroll [0] et al.

For Debian 7 Wheezy, this issue has been fixed in patch version 2.6.1-3+deb7u1.

We recommend that you upgrade your patch packages.