Bugzilla – Bug 1080985
VUL-1: CVE-2018-6952: patch: Double free of memory in pch.c:another_hunk() causes a crash
Last modified: 2022-06-08 14:08:41 UTC
Created attachment 760131
Reproducer

rh#1545053

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

SLE 10 up to SLE 12 affected.

patch < doublefree-another_hunk.patch

Reproducer doesn't trigger without ASAN.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1545053
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6952
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6952.html
http://www.cvedetails.com/cve/CVE-2018-6952/
https://savannah.gnu.org/bugs/index.php?53133

(In reply to Johannes Segitz from comment #0)
> Reproducer doesn't trigger without ASAN.

What is ASAN?

(In reply to Jean Delvare from comment #1)
Address Sanitizer, a compiler flag that detects use-after-free/double-free and many other problems.

QA REPRODUCER:

valgrind patch <xx.patch nonexisting

should not show

==11561== Invalid free() / delete / delete[] / realloc()

The upstream commit 9c986353e420ead6e706262bf204d6e03322c300 [1] intends to fix CVE-2018-6952. However, the fix is incomplete and leaves room for a new vulnerability: CVE-2019-20633 [2].

[1] http://git.savannah.nongnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300
[2] https://bugzilla.suse.com/show_bug.cgi?id=1167721

This is an autogenerated message for OBS integration:
This bug (1080985) was mentioned in
https://build.opensuse.org/request/show/976181 Factory / patch

SUSE-SU-2022:1925-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1080985,1111572,1142041,1198106
CVE References: CVE-2018-6952,CVE-2019-13636
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): patch-2.7.6-150000.5.3.1
openSUSE Leap 15.3 (src): patch-2.7.6-150000.5.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): patch-2.7.6-150000.5.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): patch-2.7.6-150000.5.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2022:1932-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1080985,1092500,1142041,1198106
CVE References: CVE-2018-6952,CVE-2019-13636
JIRA References:
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src): patch-2.7.5-8.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Fix released -> closing.