CVE-2015-1196 – Mandriva Linux Security Advisory 2015-138

https://notcve.org/view.php?id=CVE-2015-1196

21 Jan 2015 — GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. El parche de GNU 2.7.1 permite a atacantes remotos escribir a ficheros arbitrarios a través de un ataque de enlace simbólico en un fichero del parche. Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubu... • http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •