Mailinglist Archive: opensuse-updates (101 mails)

openSUSE-SU-2015:0199-1: moderate: Security update for patch
openSUSE Security Update: Security update for patch
______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:0199-1
Rating: moderate
References: #904519 #913678
Cross-References: CVE-2015-1196
Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________

An update that solves one vulnerability and has one erratum
is now available.

Description:


This update fixes the following security issue:

+ Security fix for a directory traversal flaw when handling git-style
  patches. This could allow an attacker to overwrite arbitrary files by
  applying a specially crafted patch. [boo#913678] [CVE-2015-1196]
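
As an added example (not part of the advisory and not code from GNU patch), the following screens a git-style patch for header paths that leave the working tree before the patch is applied. The names `path_problem`, `screen_patch` and `SAMPLE` are assumptions made for this illustration, and the sample patch is constructed.

```python
import re
from pathlib import PurePosixPath

# Header lines of a git-style patch that name a file to read or write.
PATH_HDR = re.compile(r'^(?:diff --git |--- |\+\+\+ |rename (?:from|to) |copy (?:from|to) )(.*)$')
HUNK_HDR = re.compile(r'^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@')
# Constructed sample: the first file is harmless, the second targets a parent directory.
SAMPLE = """\
diff --git a/docs/README b/docs/README
--- a/docs/README
+++ b/docs/README
@@ -1 +0,0 @@
--- ../old-notes
diff --git a/x b/../outside.txt
--- /dev/null
+++ b/../outside.txt
@@ -0,0 +1 @@
+data
"""

def path_problem(token):
    """Return why a header token is suspicious, or None if it stays in the tree."""
    if token.startswith('"') and '\\' in token:   # git C-style quoting can hide bytes
        return 'escaped path, review by hand'
    path = token.strip('"')
    if path.startswith('/') and path != '/dev/null':  # /dev/null marks create/delete
        return 'absolute path'
    if '..' in PurePosixPath(path).parts:
        return 'parent-directory component'
    return None

def screen_patch(text):
    """Return (line_no, reason) for each suspicious header line in a patch."""
    findings, old_left, new_left = [], 0, 0
    for no, line in enumerate(text.splitlines(), 1):
        if old_left > 0 or new_left > 0:          # hunk body: file content, not headers
            old_left -= line[:1] in (' ', '-', '')
            new_left -= line[:1] in (' ', '+', '')
            continue
        hunk = HUNK_HDR.match(line)
        if hunk:                                  # an omitted count means one line
            old_left, new_left = int(hunk.group(1) or 1), int(hunk.group(2) or 1)
            continue
        hdr = PATH_HDR.match(line)
        for token in (hdr.group(1).split() if hdr else []):
            if (why := path_problem(token)):      # tokens also cover timestamps safely
                findings.append((no, why))
    return findings

if __name__ == '__main__':
    print(screen_patch(SAMPLE))
```

The removed line `-- ../old-notes` in the first hunk looks like a `---` header but is not reported, because hunk bodies are skipped using the counts in the `@@` line.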

This update fixes the following issues:

+ When a file isn't being deleted because the file contents don't match
the patch, the resulting message is now "Not deleting file ... as
content differs from patch" instead of "File ... is not empty after
patch; not deleting".
+ Function names in hunks (from diff -p) are now preserved in reject
files [boo#904519]


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

    zypper in -t patch openSUSE-2015-98

- openSUSE 13.1:

    zypper in -t patch openSUSE-2015-98

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.2 (i586 x86_64):

patch-2.7.3-7.4.1
patch-debuginfo-2.7.3-7.4.1
patch-debugsource-2.7.3-7.4.1

- openSUSE 13.1 (i586 x86_64):

patch-2.7.3-4.4.1
patch-debuginfo-2.7.3-4.4.1
patch-debugsource-2.7.3-4.4.1


References:

http://support.novell.com/security/cve/CVE-2015-1196.html
https://bugzilla.suse.com/show_bug.cgi?id=904519
https://bugzilla.suse.com/show_bug.cgi?id=913678

