Description
Security update for patch
This update for patch fixes the following issues:
Security issues fixed:
- CVE-2019-13636: patch no longer follows symlinks unless --follow-symlinks is given. This improves security against malicious patches (bsc#1142041).
- CVE-2018-6952: Fixed swapping fakelines in pch_swap. This bug was causing a double free leading to a crash (bsc#1080985).
Bugfixes:
- Abort when cleaning up fails. This bug could cause an infinite loop when a patch wouldn't apply, leading to a segmentation fault (bsc#1111572).
- Pass the correct stat to backup files. This bug would occasionally cause backup files to be missing when all hunks failed to apply (bsc#1198106).
Package list
Container bci/bci-sle15-kernel-module-devel:15.5
patch-2.7.6-150000.5.3.1
Container bci/bci-sle15-kernel-module-devel:15.7
patch-2.7.6-150000.5.3.1
Container bci/bci-sle15-kernel-module-devel:latest
patch-2.7.6-150000.5.3.1
Container bci/spack:0.23
patch-2.7.6-150000.5.3.1
Container bci/spack:latest
patch-2.7.6-150000.5.3.1
Container suse/manager/5.0/x86_64/server:latest
patch-2.7.6-150000.5.3.1
Image SLES15-SP1-CHOST-BYOS-GCE
patch-2.7.6-150000.5.3.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
patch-2.7.6-150000.5.3.1
Image SLES15-SP1-SAPCAL-Azure
patch-2.7.6-150000.5.3.1
Image SLES15-SP1-SAPCAL-EC2-HVM
patch-2.7.6-150000.5.3.1
Image SLES15-SP1-SAPCAL-GCE
patch-2.7.6-150000.5.3.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
patch-2.7.6-150000.5.3.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
patch-2.7.6-150000.5.3.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
patch-2.7.6-150000.5.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
patch-2.7.6-150000.5.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
patch-2.7.6-150000.5.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
patch-2.7.6-150000.5.3.1
Image SLES15-SP3-SAPCAL-Azure
patch-2.7.6-150000.5.3.1
Image SLES15-SP3-SAPCAL-EC2-HVM
patch-2.7.6-150000.5.3.1
Image SLES15-SP3-SAPCAL-GCE
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-Manager-Server-4-3
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-SAP
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-SAP-Azure
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-SAP-EC2
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-SAP-GCE
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-SAPCAL
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-SAPCAL-Azure
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-SAPCAL-EC2
patch-2.7.6-150000.5.3.1
Image SLES15-SP4-SAPCAL-GCE
patch-2.7.6-150000.5.3.1
Image SLES15-SP5-SAP-Azure
patch-2.7.6-150000.5.3.1
Image SLES15-SP5-SAP-EC2
patch-2.7.6-150000.5.3.1
Image SLES15-SP5-SAP-GCE
patch-2.7.6-150000.5.3.1
Image SLES15-SP5-SAPCAL-Azure
patch-2.7.6-150000.5.3.1
Image SLES15-SP5-SAPCAL-EC2
patch-2.7.6-150000.5.3.1
Image SLES15-SP5-SAPCAL-GCE
patch-2.7.6-150000.5.3.1
Image SLES15-SP6-SAP
patch-2.7.6-150000.5.3.1
Image SLES15-SP6-SAP-Azure
patch-2.7.6-150000.5.3.1
Image SLES15-SP6-SAP-EC2
patch-2.7.6-150000.5.3.1
Image SLES15-SP6-SAP-GCE
patch-2.7.6-150000.5.3.1
Image SLES15-SP6-SAPCAL
patch-2.7.6-150000.5.3.1
Image SLES15-SP6-SAPCAL-Azure
patch-2.7.6-150000.5.3.1
Image SLES15-SP6-SAPCAL-EC2
patch-2.7.6-150000.5.3.1
Image SLES15-SP6-SAPCAL-GCE
patch-2.7.6-150000.5.3.1
Image server-image
patch-2.7.6-150000.5.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
patch-2.7.6-150000.5.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
patch-2.7.6-150000.5.3.1
openSUSE Leap 15.3
patch-2.7.6-150000.5.3.1
openSUSE Leap 15.4
patch-2.7.6-150000.5.3.1
References
- Link for SUSE-SU-2022:1925-1
- E-Mail link for SUSE-SU-2022:1925-1
- SUSE Security Ratings
- SUSE Bug 1080985
- SUSE Bug 1111572
- SUSE Bug 1142041
- SUSE Bug 1198106
- SUSE CVE CVE-2018-6952 page
- SUSE CVE CVE-2019-13636 page
Description
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
Affected products
Container bci/bci-sle15-kernel-module-devel:15.5:patch-2.7.6-150000.5.3.1
Container bci/bci-sle15-kernel-module-devel:15.7:patch-2.7.6-150000.5.3.1
Container bci/bci-sle15-kernel-module-devel:latest:patch-2.7.6-150000.5.3.1
Container bci/spack:0.23:patch-2.7.6-150000.5.3.1
References
- CVE-2018-6952
- SUSE Bug 1080985
- SUSE Bug 1167721
Description
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
Affected products
Container bci/bci-sle15-kernel-module-devel:15.5:patch-2.7.6-150000.5.3.1
Container bci/bci-sle15-kernel-module-devel:15.7:patch-2.7.6-150000.5.3.1
Container bci/bci-sle15-kernel-module-devel:latest:patch-2.7.6-150000.5.3.1
Container bci/spack:0.23:patch-2.7.6-150000.5.3.1
References
- CVE-2019-13636
- SUSE Bug 1142041