Oval Definition:oval:org.opensuse.security:def:93817
Revision Date:2022-06-02Version:1
Title: (Moderate)
Description:

This update for patch fixes the following issues:

Security issues fixed:

- CVE-2019-13636: Fixed follow symlinks unless --follow-symlinks is given. This increases the security against malicious patches (bsc#1142041). - CVE-2018-6952: Fixed swapping fakelines in pch_swap. This bug was causing a double free leading to a crash (bsc#1080985).

Bugfixes:

- Abort when cleaning up fails. This bug could cause an infinite loop when a patch wouldn't apply, leading to a segmentation fault (bsc#1111572). - Pass the correct stat to backup files. This bug would occasionally cause backup files to be missing when all hunks failed to apply (bsc#1198106).
Family:unixClass:patch
Status:Reference(s):1080985
1111572
1142041
1198106
CVE-2016-1544
CVE-2018-1000168
CVE-2018-6952
CVE-2019-13636
CVE-2019-18802
CVE-2019-9511
CVE-2019-9513
Platform(s):Image SLES15-SP4-Manager-Server-4-3-BYOS
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • libnghttp2-14-1.40.0-1.15 is installed
  • OR libnghttp2-14-32bit-1.40.0-1.15 is installed
  • OR libnghttp2-devel-1.40.0-1.15 is installed
  • OR libnghttp2_asio-devel-1.40.0-1.15 is installed
  • OR libnghttp2_asio1-1.40.0-1.15 is installed
    • Definition Synopsis
  • Image SLES15-SP4-Manager-Server-4-3-BYOS is installed
  • AND patch-2.7.6-150000.5.3.1 is installed
    • BACK