Description
Security update for patch
This update for patch fixes the following issues:
Security fixes:
- CVE-2019-13636: Fixed mishandled following of symlinks in certain cases other than input files (bsc#1142041).
- CVE-2018-6952: Fixed double free of memory in pch.c:another_hunk() (bsc#1080985).
Bugfixes:
- Pass the correct stat to backup files (bsc#1198106).
- Fix temporary file leak when applying ed-style patches (bsc#1092500).
Package list
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
patch-2.7.5-8.8.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
patch-2.7.5-8.8.1
SUSE Linux Enterprise Server 12 SP5
patch-2.7.5-8.8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
patch-2.7.5-8.8.1
References
- Link for SUSE-SU-2022:1932-1
- E-Mail link for SUSE-SU-2022:1932-1
- SUSE Security Ratings
- SUSE Bug 1080985
- SUSE Bug 1092500
- SUSE Bug 1142041
- SUSE Bug 1198106
- SUSE CVE CVE-2018-6952 page
- SUSE CVE CVE-2019-13636 page
Description
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
Affected products
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:patch-2.7.5-8.8.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:patch-2.7.5-8.8.1
SUSE Linux Enterprise Server 12 SP5:patch-2.7.5-8.8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:patch-2.7.5-8.8.1
References
- CVE-2018-6952
- SUSE Bug 1080985
- SUSE Bug 1167721
Description
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
Affected products
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:patch-2.7.5-8.8.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:patch-2.7.5-8.8.1
SUSE Linux Enterprise Server 12 SP5:patch-2.7.5-8.8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:patch-2.7.5-8.8.1
References
- CVE-2019-13636
- SUSE Bug 1142041