FreeBSD has issued a Security Advisory concerning a shell injection vulnerability in patch(1). Please see below on how to apply the patches.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:18.bsdpatch Security Advisory The FreeBSD Project Topic: shell injection vulnerability in patch(1) Category: contrib Module: patch Announced: 2015-08-05 Credits: Martin Natano Affects: FreeBSD 10.x. Corrected: 2015-08-05 22:05:02 UTC (stable/10, 10.2-PRERELEASE) 2015-08-05 22:05:02 UTC (stable/10, 10.2-BETA2-p3) 2015-08-05 22:05:12 UTC (releng/10.2, 10.2-RC1-p2) 2015-08-05 22:05:12 UTC (releng/10.2, 10.2-RC2-p1) 2015-08-05 22:05:18 UTC (releng/10.1, 10.1-RELEASE-p17) CVE Name: CVE-2015-1418 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background The patch(1) utility takes a patch file produced by the diff(1) program and apply the differences to an original file, producing a patched version. The patch(1) utility supports patches that uses ed(1) script format, as required by the POSIX.1-2008 standard. ed(1) is a line-oriented text editor. II. Problem Description