| Revision Date: | 2015-06-03 | Version: | 1 |
| Title: | Security update for patch (Moderate) |
| Description: |
The GNU patch utility was updated to 2.7.5 to fix three security issues and one non-security bug.
The following vulnerabilities were fixed:
CVE-2015-1196: directory traversal flaw when handling git-style patches. This could allow an attacker to overwrite arbitrary files by tricking the user into applying a specially crafted patch. (bsc#913678) * CVE-2015-1395: directory traversal flaw when handling patches which rename files. This could allow an attacker to overwrite arbitrary files by tricking the user into applying a specially crafted patch. (bsc#915328) * CVE-2015-1396: directory traversal flaw via symbolic links. This could allow an attacker to overwrite arbitrary files by tricking the user into applying a by applying a specially crafted patch. (bsc#915329)
The following bug was fixed:
bsc#904519: Function names in hunks (from diff -p) are now preserved in reject files.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 904519
913678
915328
915329
CVE-2015-1196
CVE-2015-1395
CVE-2015-1396
SUSE-SU-2015:1019-1
|
| Platform(s): | SUSE Linux Enterprise Desktop 12
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 is installed AND patch-2.7.5-7.1 is installed
|