Oval Definition:	oval:org.opensuse.security:def:95240
Revision Date: 2022-06-02 Version: 1 Title: Security update for patch (Moderate) Description: This update for patch fixes the following issues: Security issues fixed: - CVE-2019-13636: Fixed follow symlinks unless --follow-symlinks is given. This increases the security against malicious patches (bsc#1142041). - CVE-2018-6952: Fixed swapping fakelines in pch_swap. This bug was causing a double free leading to a crash (bsc#1080985). Bugfixes: - Abort when cleaning up fails. This bug could cause an infinite loop when a patch wouldn't apply, leading to a segmentation fault (bsc#1111572). - Pass the correct stat to backup files. This bug would occasionally cause backup files to be missing when all hunks failed to apply (bsc#1198106). Family: unix Class: patch Status: Reference(s): 1080985 1111572 1142041 1185833 1198106 CVE-2018-6952 CVE-2019-13636 CVE-2020-18032 SUSE-SU-2022:1925-1 Platform(s): SUSE Linux Enterprise Desktop 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 Product(s): Definition Synopsis Release Information SUSE Linux Enterprise Desktop 15 SP4 is installed OR SUSE Linux Enterprise High Performance Computing 15 SP4 is installed OR SUSE Linux Enterprise Module for Basesystem 15 SP4 is installed OR SUSE Linux Enterprise Server 15 SP4 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed OR SUSE Manager Proxy 4.3 is installed OR SUSE Manager Retail Branch Server 4.3 is installed OR SUSE Manager Server 4.3 is installed AND patch-2.7.6-150000.5.3.1 is installed
BACK