SUSE-SU-2022:1925-1
- Source
- https://www.suse.com/support/update/announcement/2022/suse-su-20221925-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:1925-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2022:1925-1
- Related
- Published
- 2022-06-02T12:35:31Z
- Modified
- 2022-06-02T12:35:31Z
- Summary
- Security update for patch
- Details
-
This update for patch fixes the following issues:
Security issues fixed:
- CVE-2019-13636: Fixed follow symlinks unless --follow-symlinks is given. This increases the security against malicious patches (bsc#1142041).
- CVE-2018-6952: Fixed swapping fakelines in pch_swap. This bug was causing a double free leading to a crash (bsc#1080985).
Bugfixes:
- Abort when cleaning up fails. This bug could cause an infinite loop when a patch wouldn't apply, leading to a segmentation fault (bsc#1111572).
- Pass the correct stat to backup files. This bug would occasionally cause backup files to be missing when all hunks failed to apply (bsc#1198106).
- References
-
- https://www.suse.com/support/update/announcement/2022/suse-su-20221925-1/
- https://bugzilla.suse.com/1080985
- https://bugzilla.suse.com/1111572
- https://bugzilla.suse.com/1142041
- https://bugzilla.suse.com/1198106
- https://www.suse.com/security/cve/CVE-2018-6952
- https://www.suse.com/security/cve/CVE-2019-13636
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15 SP3 / patch
Package
- Name
- patch
- Purl
- pkg:rpm/suse/patch&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3
SUSE:Linux Enterprise Module for Basesystem 15 SP4 / patch
Package
- Name
- patch
- Purl
- pkg:rpm/suse/patch&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4
openSUSE:Leap 15.3 / patch
Package
- Name
- patch
- Purl
- pkg:rpm/opensuse/patch&distro=openSUSE%20Leap%2015.3