openSUSE Security Update : patch (openSUSE-SU-2015:0199-1)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update fixes the following security issue :

+ Security fix for a directory traversal flaw when
handling git-style patches. This could allow an attacker
to overwrite arbitrary files by applying a specially
crafted patch. [boo#913678] [CVE-2015-1196]

This update fixes the following issues :

+ When a file isn't being deleted because the file
contents don't match the patch, the resulting message is
now 'Not deleting file ... as content differs from
patch' instead of 'File ... is not empty after patch;
not deleting'.

+ Function names in hunks (from diff -p) are now preserved
in reject files [boo#904519]

See also :

http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html
https://bugzilla.opensuse.org/show_bug.cgi?id=904519
https://bugzilla.opensuse.org/show_bug.cgi?id=913678

Solution :

Update the affected patch packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: SuSE Local Security Checks

Nessus Plugin ID: 81156 ()

Bugtraq ID:

CVE ID: CVE-2015-1196

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now