SUSE-SU-2015:1019-1
- Source
- https://www.suse.com/support/update/announcement/2015/suse-su-20151019-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:1019-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2015:1019-1
- Related
- Published
- 2015-06-03T12:13:47Z
- Modified
- 2015-06-03T12:13:47Z
- Summary
- Security update for patch
- Details
-
The GNU patch utility was updated to 2.7.5 to fix three security issues and one non-security bug.
The following vulnerabilities were fixed:
- CVE-2015-1196: directory traversal flaw when handling git-style patches. This could allow an attacker to overwrite arbitrary files by tricking the user into applying a specially crafted patch. (bsc#913678)
- CVE-2015-1395: directory traversal flaw when handling patches which rename files. This could allow an attacker to overwrite arbitrary files by tricking the user into applying a specially crafted patch. (bsc#915328)
- CVE-2015-1396: directory traversal flaw via symbolic links. This could allow an attacker to overwrite arbitrary files by tricking the user into applying a by applying a specially crafted patch. (bsc#915329)
The following bug was fixed:
- bsc#904519: Function names in hunks (from diff -p) are now preserved in reject files.
- References
-
- https://www.suse.com/support/update/announcement/2015/suse-su-20151019-1/
- https://bugzilla.suse.com/904519
- https://bugzilla.suse.com/913678
- https://bugzilla.suse.com/915328
- https://bugzilla.suse.com/915329
- https://www.suse.com/security/cve/CVE-2015-1196
- https://www.suse.com/security/cve/CVE-2015-1395
- https://www.suse.com/security/cve/CVE-2015-1396
Affected packages
SUSE:Linux Enterprise Desktop 12 / patch
Package
- Name
- patch
- Purl
- pkg:rpm/suse/patch&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
SUSE:Linux Enterprise Server 12 / patch
Package
- Name
- patch
- Purl
- pkg:rpm/suse/patch&distro=SUSE%20Linux%20Enterprise%20Server%2012