Martin Natano

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions prior to 10.2-RC1-p1 FreeBSD versions prior to 10.2-BETA2-p2 FreeBSD versions prior to 10.1-RELEASE-p16 GNU patch versions prior to 2.2.5 Bitrig (affected versions not specified) Larry Wall's patch (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary shell commands via a crafted patch file. **Recommendations** For FreeBSD versions prior to 10.2-RC1-p1, update to 10.2-RC1-p1 or later. For FreeBSD versions prior to 10.2-BETA2-p2, update to 10.2-BETA2-p2 or later. For FreeBSD versions prior to 10.1-RELEASE-p16, update to 10.1-RELEASE-p16 or later. For GNU patch versions prior to 2.2.5, update to 2.2.5 or later. For Bitrig and Larry Wall's patch, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** GNU patch versions through 2.7.6 patch in FreeBSD versions prior to 10.1-RELEASE-p17 patch in FreeBSD 10.2 versions prior to 10.2-BETA2-p3 patch in FreeBSD 10.2-RC1 versions prior to 10.2-RC1-p2 patch in FreeBSD 0.2-RC2 versions prior to 10.2-RC2-p1 **Description** The issue allows remote attackers to execute arbitrary commands via a crafted patch file. This is possible because a '!' character can be passed to the `ed` program through the `do ed script` function in `pch.c`. **Recommendations** For GNU patch versions through 2.7.6, update to a version later than 2.7.6. For patch in FreeBSD versions prior to 10.1-RELEASE-p17, update to 10.1-RELEASE-p17 or later. For patch in FreeBSD 10.2 versions prior to 10.2-BETA2-p3, update to 10.2-BETA2-p3 or later. For patch in FreeBSD 10.2-RC1 versions prior to 10.2-RC1-p2, update to 10.2-RC1-p2 or later. For patch in FreeBSD 0.2-RC2 versions prior to 10.2-RC2-p1, update to 10.2-RC2-p1 or later.