Bug 1733916 (CVE-2019-13638)
| Summary: | CVE-2019-13638 patch: OS shell command injection when processing crafted patch files | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | dmoppert, than, twaugh |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2019-09-19 06:45:33 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1733917, 1734832, 1734833, 1747863, 1747864, 1747865, 1747866, 1759538, 1759539, 1759549, 1764222 | | |
| Bug Blocks: | 1731850 | | |
Description (Dhananjay Arunesh, 2019-07-29 08:24:07 UTC)
Created patch tracking bugs for this issue:

Affects: fedora-all [bug 1733917]

During patch file processing, patch application calls the 'ed' file editor. As the invocation was done using a shell command to spawn an ed process, patch was susceptible to command injection via crafted patch files. An attacker may use this weakness to run arbitrary shell commands when the user is applying patch files.

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2019:2798 https://access.redhat.com/errata/RHSA-2019:2798

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-13638

This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2964 https://access.redhat.com/errata/RHSA-2019:2964

This issue has been addressed in the following products:
Red Hat Enterprise Linux 7.5 Extended Update Support
Via RHSA-2019:3757 https://access.redhat.com/errata/RHSA-2019:3757

This issue has been addressed in the following products:
Red Hat Enterprise Linux 7.6 Extended Update Support
Via RHSA-2019:3758 https://access.redhat.com/errata/RHSA-2019:3758

The version of patch shipped with Red Hat Enterprise Linux 6 is not affected. The vulnerability was introduced in upstream's patch version 2.7 while RHEL6 ships version 2.6.x of patch.

This issue has been addressed in the following products:
Red Hat Enterprise Linux 7.4 Advanced Update Support
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
Red Hat Enterprise Linux 7.4 Telco Extended Update Support
Via RHSA-2019:4061 https://access.redhat.com/errata/RHSA-2019:4061

Statement: Red Hat Enterprise Linux 6 is not affected by this vulnerability as the shipped version of patch did not carry the code that introduced this flaw.
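As an added example (not code from the bug report, from Red Hat, or from GNU patch), the following Python script shows a defender-side triage check for the mechanism described above: before an untrusted patch is applied with an unfixed patch binary, it classifies the file as an ed-style diff or not and flags target file names containing characters that a shell would interpret if the name were ever interpolated into a command line. The ed-command regex, the set of file-name headers and the safe-character set are this example's own heuristics rather than GNU patch's parser, and the three sample patches are constructed.

```python
import re
from typing import Dict, List, Set, Tuple

# Heuristic (this example's assumption, not GNU patch's own parser): an
# ed-style diff is a run of ed commands such as "12a", "3,5c", "7d", with
# inserted text terminated by a lone "." and usually "w"/"q" at the end.
ED_CMD_RE = re.compile(r"^\d+(?:,\d+)?[acd]$")

# Headers that patch tools read a target file name from (assumed subset).
FILE_HDR_RE = re.compile(r"^(?:\+\+\+|---|\*\*\*|Index:)\s+(\S+)")

# Characters accepted in a target name without comment; anything else
# (";", "|", "&", "$", "`", quotes, parentheses, ...) is exactly what makes
# an unquoted name dangerous when spliced into "sh -c" style invocations.
SAFE_NAME_CHARS: Set[str] = set(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._/-+:@=%,"
)


def unsafe_chars(name: str) -> Set[str]:
    """Return the characters of a file name that fall outside SAFE_NAME_CHARS."""
    return {c for c in name if c not in SAFE_NAME_CHARS}


def is_ed_style(lines: List[str]) -> bool:
    """True when the body looks like ed commands rather than unified/context hunks."""
    has_ed_cmd = any(ED_CMD_RE.match(line) for line in lines)
    has_other_hunk = any(
        line.startswith("@@ ") or line.startswith("***************") for line in lines
    )
    return has_ed_cmd and not has_other_hunk


def target_names(lines: List[str]) -> List[str]:
    """Collect file names from ---/+++/***/Index: headers, in order."""
    names: List[str] = []
    for line in lines:
        m = FILE_HDR_RE.match(line)
        if m:
            names.append(m.group(1))
    return names


def assess(patch_text: str) -> Dict[str, object]:
    """Classify one patch file and list target names that need scrutiny."""
    lines = patch_text.splitlines()
    targets = target_names(lines)
    flagged: List[Tuple[str, str]] = []
    for name in targets:
        bad = unsafe_chars(name)
        if bad:
            flagged.append((name, "".join(sorted(bad))))
    return {"ed_style": is_ed_style(lines), "targets": targets, "flagged": flagged}


# Constructed samples (not taken from the bug report or any real exploit).
UNIFIED = "--- a/hello.c\n+++ b/hello.c\n@@ -1 +1 @@\n-old\n+new\n"
ED_OK = "--- hello.c\n1c\nnew line\n.\nw\nq\n"
ED_SUSPICIOUS = "--- file;name.txt\n1d\nw\nq\n"

if __name__ == "__main__":
    for label, sample in (("unified", UNIFIED), ("ed", ED_OK), ("ed-suspicious", ED_SUSPICIOUS)):
        print(label, assess(sample))
```

A flagged name is a reason to inspect the patch by hand, not proof of an attack; ordinary names can legitimately contain spaces or other flagged characters. The durable fixes are the updated packages listed in the errata above and, in any tool that drives an external editor, executing it with an argument vector instead of assembling a shell command line from data found in the patch.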