CVE-2015-1396 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-1396 Interim 1 17 2025-03-25T01:27:41Z current 2021-05-30T13:27:48Z 2025-03-25T01:27:41Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-1396 A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2015-June/001427.html E-Mail link for SUSE-SU-2015:1019-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP5 patch patch-2.7.5-7.1 patch-2.7.5-8.5.1 patch-2.7.5-7.1 as a component of Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production patch-2.7.5-7.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production patch-2.7.5-7.1 as a component of SUSE Linux Enterprise Desktop 12 patch-2.7.5-7.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 patch-2.7.5-7.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 patch-2.7.5-7.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 patch-2.7.5-8.5.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 patch-2.7.5-8.5.1 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 patch-2.7.5-7.1 as a component of SUSE Linux Enterprise Server 12 patch-2.7.5-7.1 as a component of SUSE Linux Enterprise Server 12 SP1 patch-2.7.5-7.1 as a component of SUSE Linux Enterprise Server 12 SP2 patch-2.7.5-7.1 as a component of SUSE Linux Enterprise Server 12 SP3 patch-2.7.5-8.5.1 as a component of SUSE Linux Enterprise Server 12 SP4 patch-2.7.5-8.5.1 as a component of SUSE Linux Enterprise Server 12 SP5 patch-2.7.5-7.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 patch-2.7.5-7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 patch-2.7.5-8.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 patch as a component of SUSE Linux Enterprise Desktop 11 SP3 patch as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata patch as a component of SUSE Linux Enterprise Server 11 SP3 A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. CVE-2015-1396 Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:patch-2.7.5-7.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:patch-2.7.5-7.1 SUSE Linux Enterprise Desktop 12:patch-2.7.5-7.1 SUSE Linux Enterprise Desktop 12 SP1:patch-2.7.5-7.1 SUSE Linux Enterprise Desktop 12 SP2:patch-2.7.5-7.1 SUSE Linux Enterprise Desktop 12 SP3:patch-2.7.5-7.1 SUSE Linux Enterprise Desktop 12 SP4:patch-2.7.5-8.5.1 SUSE Linux Enterprise High Performance Computing 12 SP5:patch-2.7.5-8.5.1 SUSE Linux Enterprise Server 12:patch-2.7.5-7.1 SUSE Linux Enterprise Server 12 SP1:patch-2.7.5-7.1 SUSE Linux Enterprise Server 12 SP2:patch-2.7.5-7.1 SUSE Linux Enterprise Server 12 SP3:patch-2.7.5-7.1 SUSE Linux Enterprise Server 12 SP4:patch-2.7.5-8.5.1 SUSE Linux Enterprise Server 12 SP5:patch-2.7.5-8.5.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:patch-2.7.5-7.1 SUSE Linux Enterprise Server for SAP Applications 12:patch-2.7.5-7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:patch-2.7.5-8.5.1 SUSE Linux Enterprise Desktop 11 SP3:patch SUSE Linux Enterprise Server 11 SP1 for Teradata:patch SUSE Linux Enterprise Server 11 SP3:patch important 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N