CVE (security issues) of Linux patch utility

Open: techtonik opened this issue 10 years ago • 1 comment

One of the reasons why patch.py was started was the insecurity of running the Unix patch utility on a web server. In 2015 the Unix patch still has security issues. So it is important to put them into a checklist and cover them with tests to ensure that patch.py doesn't have those deficiencies. Here is the starting list that came today with an Ubuntu update:

Version 2.7.1-4ubuntu2.3:

  • SECURITY UPDATE: Denial of service via crafted patch
    • debian/patches/CVE-2014-9637.patch: Detect and exit upon memory allocation failures
    • CVE-2014-9637
  • SECURITY UPDATE: Directory traversal via crafted patch
    • debian/patches/CVE-2015-1196.patch: Don't allow symlink targets to point outside of the current directory
    • CVE-2015-1196
  • SECURITY UPDATE: Directory traversal via crafted patch
    • debian/patches/CVE-2015-1395.patch: Check the validity of both filenames during a rename or copy
    • CVE-2015-1395
  • SECURITY UPDATE: Directory traversal via crafted patch
    • debian/patches/CVE-2015-1396.patch: Don't allow symlink targets to point outside of the current directory. This patch corrects the incomplete fix for CVE-2015-1196.
    • CVE-2015-1396

techtonik, Jun 24 '15 12:06
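
An added example, not part of the original issue and not python-patch's own code: a stand-alone pre-apply check for the two directory traversal classes in the list above (both filenames of a rename or copy, and symlink targets that point outside the current directory). The names `escapes_root` and `audit_patch` are hypothetical, the sample patch is constructed, and the code assumes git-style patches in which every file section starts with `diff --git`.

```python
import posixpath
import re

# Header lines of a git-style patch that name a file the patch will touch.
NAME_RE = re.compile(r"^(--- |\+\+\+ |rename from |rename to |copy from |copy to )(.*)$")

def escapes_root(path, base=""):
    """True if `path`, resolved relative to directory `base`, leaves the tree."""
    if path.startswith("/"):
        return True
    norm = posixpath.normpath(posixpath.join(base, path))
    return norm == ".." or norm.startswith("../")

def audit_patch(text):
    """Return (reason, value) findings for a git-style patch given as str."""
    findings, in_hunk, is_symlink, link_path = [], False, False, None
    for line in text.splitlines():
        if line.startswith("diff --git "):        # next file section: reset state
            in_hunk, is_symlink, link_path = False, False, None
        elif line.startswith("@@"):
            in_hunk = True
        elif in_hunk:
            # Added line of a mode-120000 entry is the symlink target (relative to the link's directory).
            if is_symlink and link_path and line.startswith("+"):
                if escapes_root(line[1:], posixpath.dirname(link_path)):
                    findings.append(("symlink target", line[1:]))
        elif line.startswith(("new file mode 120000", "new mode 120000")):
            is_symlink = True
        else:
            m = NAME_RE.match(line)
            name = m.group(2).split("\t")[0] if m else "/dev/null"
            if name == "/dev/null":               # not a header, or no file on this side
                continue
            kind = m.group(1)
            if kind in ("--- ", "+++ ") and name[:2] in ("a/", "b/"):
                name = name[2:]                   # same effect as patch -p1
            if kind == "+++ ":
                link_path = name
            if escapes_root(name):                # checks BOTH rename/copy names
                findings.append((kind.strip(), name))
    return findings

# Constructed sample: a rename out of the tree and an escaping symlink.
SAMPLE = "\n".join([
    "diff --git a/docs/old.txt b/outside.txt",
    "rename from docs/old.txt", "rename to ../../outside.txt",
    "diff --git a/lib/link b/lib/link", "new file mode 120000",
    "--- /dev/null", "+++ b/lib/link", "@@ -0,0 +1 @@", "+../../outside",
])
```

A caller would refuse to apply any patch for which `audit_patch` returns a non-empty list; the check is lexical only and does not follow symlinks that already exist on disk.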

There are still problems 4 years after - #65

techtonik, Aug 28 '19 15:08