PT-2018-4344 · Freebsd+1

Martin Natano · Published 2018-02-05 · Updated 2018-04-07 · CVE-2015-1418

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

GNU patch versions through 2.7.6
patch in FreeBSD versions prior to 10.1-RELEASE-p17
patch in FreeBSD 10.2 versions prior to 10.2-BETA2-p3
patch in FreeBSD 10.2-RC1 versions prior to 10.2-RC1-p2
patch in FreeBSD 0.2-RC2 versions prior to 10.2-RC2-p1

Description

The issue allows remote attackers to execute arbitrary commands via a crafted patch file. This is possible because a '!' character can be passed to the ed program through the do_ed_script function in pch.c.

Recommendations

For GNU patch versions through 2.7.6, update to a version later than 2.7.6.
For patch in FreeBSD versions prior to 10.1-RELEASE-p17, update to 10.1-RELEASE-p17 or later.
For patch in FreeBSD 10.2 versions prior to 10.2-BETA2-p3, update to 10.2-BETA2-p3 or later.
For patch in FreeBSD 10.2-RC1 versions prior to 10.2-RC1-p2, update to 10.2-RC1-p2 or later.
For patch in FreeBSD 0.2-RC2 versions prior to 10.2-RC2-p1, update to 10.2-RC2-p1 or later.
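
A pre-screening check for the condition in the Description, as an added example (not code from GNU patch, FreeBSD or this advisory): it recognises ed-style input and reports '!' lines before an untrusted file is handed to patch. The function names, the refuse-on-finding policy and the sample inputs are assumptions constructed for illustration.

```python
import re

# An ed-style diff (diff -e) is a list of ed commands: an address or range
# followed by a (append), c (change), d (delete) or i (insert).
ED_COMMAND = re.compile(r"^\d+(,\d+)?[acdi]$")


def screen_patch(text):
    """Return (is_ed_style, findings) for the text of a patch file.

    findings holds (line_number, line) for every line after the first ed
    command whose first non-blank character is '!'. The screen does not
    model ed's command/input state, so '!' lines inside text blocks are
    reported too: a finding means "review by hand", not "malicious".
    """
    is_ed_style = False
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if not is_ed_style:
            # Context diffs mark changed lines with "! ", so '!' only
            # matters once the file has been recognised as an ed script.
            is_ed_style = bool(ED_COMMAND.match(line))
            continue
        if line.lstrip().startswith("!"):
            findings.append((number, line))
    return is_ed_style, findings


def is_safe_to_apply(text):
    """Assumed policy: refuse ed-style input that has any finding."""
    is_ed_style, findings = screen_patch(text)
    return not (is_ed_style and findings)


# Constructed sample inputs (not taken from any real patch).
CONTEXT_DIFF = "\n".join([
    "*** a/notes.txt", "--- b/notes.txt", "***************",
    "*** 1,2 ****", "  first line", "! old text",
    "--- 1,2 ----", "  first line", "! new text",
])
ED_SCRIPT_CLEAN = "\n".join(["2c", "new text", ".", "1d"])
ED_SCRIPT_FLAGGED = "\n".join(["1a", "added text", ".", "!PLACEHOLDER-COMMAND"])

if __name__ == "__main__":
    for name in ("CONTEXT_DIFF", "ED_SCRIPT_CLEAN", "ED_SCRIPT_FLAGGED"):
        print(name, screen_patch(globals()[name]))
```

The check is a triage aid for untrusted patch files; updating as listed under Recommendations is what removes the issue.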

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2015-1418

Affected Products

Freebsd
Patch