Описание
Security update for patch
This update for patch fixes the following issues:
- CVE-2019-20633: Fixed double-free/OOB read in pch.c (bsc#1167721)
Список пакетов
Container bci/bci-sle15-kernel-module-devel:15.5
patch-2.7.6-150000.5.6.1
Container bci/bci-sle15-kernel-module-devel:15.7
patch-2.7.6-150000.5.6.1
Container bci/bci-sle15-kernel-module-devel:latest
patch-2.7.6-150000.5.6.1
Container bci/spack:0.23
patch-2.7.6-150000.5.6.1
Container bci/spack:latest
patch-2.7.6-150000.5.6.1
Container suse/manager/5.0/x86_64/server:latest
patch-2.7.6-150000.5.6.1
Image SLES15-SP3-SAPCAL-Azure
patch-2.7.6-150000.5.6.1
Image SLES15-SP3-SAPCAL-EC2-HVM
patch-2.7.6-150000.5.6.1
Image SLES15-SP3-SAPCAL-GCE
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-Manager-Server-4-3
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-SAP
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-SAP-Azure
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-SAP-EC2
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-SAP-GCE
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-SAPCAL
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-SAPCAL-Azure
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-SAPCAL-EC2
patch-2.7.6-150000.5.6.1
Image SLES15-SP4-SAPCAL-GCE
patch-2.7.6-150000.5.6.1
Image SLES15-SP5-SAPCAL-Azure
patch-2.7.6-150000.5.6.1
Image SLES15-SP5-SAPCAL-EC2
patch-2.7.6-150000.5.6.1
Image SLES15-SP5-SAPCAL-GCE
patch-2.7.6-150000.5.6.1
Image SLES15-SP6-SAP
patch-2.7.6-150000.5.6.1
Image SLES15-SP6-SAP-Azure
patch-2.7.6-150000.5.6.1
Image SLES15-SP6-SAP-EC2
patch-2.7.6-150000.5.6.1
Image SLES15-SP6-SAP-GCE
patch-2.7.6-150000.5.6.1
Image SLES15-SP6-SAPCAL
patch-2.7.6-150000.5.6.1
Image SLES15-SP6-SAPCAL-Azure
patch-2.7.6-150000.5.6.1
Image SLES15-SP6-SAPCAL-EC2
patch-2.7.6-150000.5.6.1
Image SLES15-SP6-SAPCAL-GCE
patch-2.7.6-150000.5.6.1
Image server-image
patch-2.7.6-150000.5.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
patch-2.7.6-150000.5.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
patch-2.7.6-150000.5.6.1
openSUSE Leap 15.5
patch-2.7.6-150000.5.6.1
openSUSE Leap 15.6
patch-2.7.6-150000.5.6.1
Ссылки
- Link for SUSE-SU-2024:2780-1
- E-Mail link for SUSE-SU-2024:2780-1
- SUSE Security Ratings
- SUSE Bug 1167721
- SUSE CVE CVE-2019-20633 page
Описание
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.
Затронутые продукты
Container bci/bci-sle15-kernel-module-devel:15.5:patch-2.7.6-150000.5.6.1
Container bci/bci-sle15-kernel-module-devel:15.7:patch-2.7.6-150000.5.6.1
Container bci/bci-sle15-kernel-module-devel:latest:patch-2.7.6-150000.5.6.1
Container bci/spack:0.23:patch-2.7.6-150000.5.6.1
Ссылки
- CVE-2019-20633
- SUSE Bug 1080985
- SUSE Bug 1167721