VYPR

rpm package

suse/patch&distro=SUSE Linux Enterprise Desktop 12

pkg:rpm/suse/patch&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Vulnerabilities (3)

  • CVE-2015-1396Nov 25, 2019
    affected < 2.7.5-7.1fixed 2.7.5-7.1

    A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.

  • CVE-2015-1395HigAug 25, 2017
    affected < 2.7.5-7.1fixed 2.7.5-7.1

    Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.

  • CVE-2015-1196Jan 21, 2015
    affected < 2.7.5-7.1fixed 2.7.5-7.1

    GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.