Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 647794 - <sys-devel/patch-2.7.6-r3: NULL pointer dereference in pch.c:intuit_diff_type() causes a crash (CVE-2018-6951)
Summary: <sys-devel/patch-2.7.6-r3: NULL pointer dereference in pch.c:intuit_diff_type...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa+ cve]
Keywords:
Depends on: CVE-2018-1000156
Blocks:
  Show dependency tree
 
Reported: 2018-02-16 00:35 UTC by GLSAMaker/CVETool Bot
Modified: 2019-04-17 18:30 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-02-16 00:35:45 UTC
CVE-2018-6951 (https://nvd.nist.gov/vuln/detail/CVE-2018-6951):
  An issue was discovered in GNU patch through 2.7.6. There is a segmentation
  fault, associated with a NULL pointer dereference, leading to a denial of
  service in the intuit_diff_type function in pch.c, aka a "mangled rename"
  issue.
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2019-03-24 04:09:01 UTC
Upstream fix:

http://git.savannah.nongnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a

Hopefully next release.
Comment 2 Larry the Git Cow gentoo-dev 2019-03-28 00:33:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5c55ece4eee17a954740b8ecc03b1cb8ed58c123

commit 5c55ece4eee17a954740b8ecc03b1cb8ed58c123
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-03-28 00:32:30 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-03-28 00:33:05 +0000

    sys-devel/patch: add patches for CVE-2018-{6951,6952}, CVE-2018-1000156
    
    Bug: https://bugs.gentoo.org/647792
    Bug: https://bugs.gentoo.org/647794
    Bug: https://bugs.gentoo.org/652710
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 .../patch/files/patch-2.7.6-CVE-2018-1000156.patch | 150 +++++++++++++++++++++
 .../patch/files/patch-2.7.6-CVE-2018-6951.patch    |  29 ++++
 .../patch/files/patch-2.7.6-CVE-2018-6952.patch    |  30 +++++
 ...-files-to-be-missing-for-ed-style-patches.patch |  25 ++++
 sys-devel/patch/patch-2.7.6-r3.ebuild              |  40 ++++++
 5 files changed, 274 insertions(+)
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2019-04-17 18:30:06 UTC
This issue was resolved and addressed in
 GLSA 201904-17 at https://security.gentoo.org/glsa/201904-17
by GLSA coordinator Aaron Bauman (b-man).