Bug 1080918 - (CVE-2016-10713) VUL-1: CVE-2016-10713: patch: Out-of-bounds access in pch_write_line() in pch.c can lead to DoS
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/199935/
CVSSv3:SUSE:CVE-2016-10713:4.3:(AV:N/...
Reported: 2018-02-14 07:50 UTC by Johannes Segitz
Modified: 2020-06-14 05:11 UTC (History)

Found By: Security Response Team
Attachments
patch-heapoverflow-pch_write_line.diff (20 bytes, patch)
2018-05-07 12:54 UTC, Marcus Meissner

Description Johannes Segitz 2018-02-14 07:50:41 UTC
CVE-2016-10713

An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within
pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.

SLE 10 up to 12 affected.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10713
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10713.html
https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866
Comment 2 Swamp Workflow Management 2018-03-21 19:50:06 UTC
This is an autogenerated message for OBS integration:
This bug (1080918) was mentioned in
https://build.opensuse.org/request/show/589801 Factory / patch
Comment 3 Swamp Workflow Management 2018-03-23 09:50:05 UTC
This is an autogenerated message for OBS integration:
This bug (1080918) was mentioned in
https://build.opensuse.org/request/show/590591 Factory / patch
Comment 9 Swamp Workflow Management 2018-05-02 19:08:16 UTC
SUSE-SU-2018:1128-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1080918,1080951,1088420
CVE References: CVE-2016-10713,CVE-2018-1000156,CVE-2018-6951
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    patch-2.7.5-8.5.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    patch-2.7.5-8.5.1
Comment 10 Swamp Workflow Management 2018-05-03 10:08:38 UTC
openSUSE-SU-2018:1137-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1080918,1080951,1088420
CVE References: CVE-2016-10713,CVE-2018-1000156,CVE-2018-6951
Sources used:
openSUSE Leap 42.3 (src):    patch-2.7.5-9.3.1
Comment 11 Marcus Meissner 2018-05-07 12:54:15 UTC
Created attachment 769222 [details]
patch-heapoverflow-pch_write_line.diff

QA REPRODUCER:

touch empty
valgrind patch -R <patch-heapoverflow-pch_write_line.diff empty

press return twice to apply it

meissner@shran:~> valgrind patch -R <~/Downloads/patch-heapoverflow-pch_write_line.diff foo
==3135== Memcheck, a memory error detector
==3135== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==3135== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==3135== Command: patch -R foo
==3135== 
missing header for unified diff at line 2 of patch
patching file foo
Unreversed patch detected!  Ignore -R? [n]  
Apply anyway? [n] 
Skipping patch.
==3135== Invalid read of size 1
==3135==    at 0x4089F2: ??? (in /usr/bin/patch)
==3135==    by 0x4069B9: ??? (in /usr/bin/patch)
==3135==    by 0x40718F: ??? (in /usr/bin/patch)
==3135==    by 0x4E50C35: (below main) (in /lib64/libc-2.11.3.so)

The invalid read should not be printed.
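
The pass criterion in comment 11 can be checked mechanically on a saved valgrind log. The script below is an added example, not part of the bug report or of GNU patch; the function names are hypothetical, and it assumes the log was saved with valgrind's `--log-file=FILE` option.

```shell
#!/bin/sh
# Added example: QA check over a saved Memcheck log (names are hypothetical).

# One line per Memcheck invalid access: "<pid> <read|write> <size> <top frame>".
memcheck_invalid_accesses() {
    awk '
        function emit() { if (pending) print pid, kind, size, addr; pending = 0 }
        /^==[0-9]+== Invalid (read|write) of size [0-9]+/ {
            emit()                      # previous record had no frame line
            pid = $1; gsub(/=/, "", pid)
            kind = $3; size = $6; addr = "?"; pending = 1
            next
        }
        # The first "at 0x..." line after a record header is the faulting frame.
        pending && /^==[0-9]+== +at 0x[0-9A-Fa-f]+/ {
            addr = $3; sub(/:$/, "", addr); emit()
        }
        END { emit() }
    ' "$1"
}

# Exit 0 and print PASS when the log holds no invalid access, else exit 1.
qa_verdict() {
    n=$(memcheck_invalid_accesses "$1" | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then echo "PASS"; return 0; fi
    echo "FAIL: $n invalid access(es)"; return 1
}

# Constructed sample logs: the first repeats Memcheck lines quoted in
# comment 11, the second is a made-up clean run for comparison.
write_sample_logs() {
    cat > "$1/unfixed.log" <<'EOF'
==3135== Memcheck, a memory error detector
==3135== Command: patch -R foo
==3135== Invalid read of size 1
==3135==    at 0x4089F2: ??? (in /usr/bin/patch)
==3135==    by 0x4069B9: ??? (in /usr/bin/patch)
EOF
    cat > "$1/fixed.log" <<'EOF'
==4242== Memcheck, a memory error detector
==4242== Command: patch -R foo
==4242== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
EOF
}

demo_dir=$(mktemp -d)
write_sample_logs "$demo_dir"
for f in unfixed fixed; do qa_verdict "$demo_dir/$f.log" || true; done
rm -rf "$demo_dir"
```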
Comment 12 Swamp Workflow Management 2018-05-07 19:07:50 UTC
SUSE-SU-2018:1162-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1059698,1080918,1088420,662957,914891
CVE References: CVE-2010-4651,CVE-2014-9637,CVE-2016-10713,CVE-2018-1000156
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    patch-2.5.9-252.22.7.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    patch-2.5.9-252.22.7.1
Comment 13 Jean Delvare 2018-05-18 08:06:25 UTC
Fix released.
Comment 15 Marcus Meissner 2018-09-07 12:47:40 UTC
done