[security-announce] patch : Security update (Enea Linux 4.0)

Sona Sarmadi sona.sarmadi at enea.com
Tue Sep 8 09:02:57 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package: patch 2.7.1
Severity: Moderate
CVE Name: CVE-2015-1196
=========================================================
This security patch fixes directory traversal via symlinks
in patch 2.7.1.


Signed patch and README files
================================
0099-patch-fix-CVE-2015-1196.patch
0099-patch-fix-CVE-2015-1196.patch.sig
0099-patch-fix-CVE-2015-1196.READMAE.asc

Description
===========
GNU patch 2.7.1 allows remote attackers to write to arbitrary
files via a symlink attack in a patch file.

Reference
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1196
http://seclists.org/oss-sec/2015/q1/173
http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3

How to apply the patches
=======================
Make sure that you have an installation of Enea Linux and
have applied the existing patches in the right order.

wget https://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

 - Fetch, verify and apply the new patch
wget https://linux.enea.com/4.0/patches/0099-patch-fix-CVE-2015-1196.patch
wget https://linux.enea.com/4.0/patches/0099-patch-fix-CVE-2015-1196.patch.sig
gpg --verify 0099-patch-fix-CVE-2015-1196.patch.sig
patch -p1 < ./0099-patch-fix-CVE-2015-1196.patch


If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
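
Added example, not part of the Enea advisory or of the GNU patch fix: the symlink attack described above needs a patch file that carries a symlink entry, which git-style diffs record as file mode 120000, so an untrusted patch file can be screened for such entries and for out-of-tree paths before it is applied. The function names and both sample patches are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the advisory): pre-screen a patch file before applying it.

# scan_patch FILE: print one finding per line; return 1 if anything was flagged.
# Heuristic: a hunk body line that happens to look like a header can be flagged too.
scan_patch() {
    awk '
        # git-style diffs record a symbolic link as file mode 120000
        /^(new file mode|deleted file mode|old mode|new mode) 120000$/ {
            print "symlink entry, line " NR ": " $0; bad = 1
        }
        # file headers that name an absolute path or contain a ".." component
        /^(---|\+\+\+) / && $2 != "/dev/null" {
            if ($2 ~ /^\// || $2 ~ /(^|\/)\.\.(\/|$)/) {
                print "path outside tree, line " NR ": " $0; bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# write_samples DIR: create two constructed patch files for the demo below.
write_samples() {
    cat > "$1/symlink.patch" <<'EOF'
diff --git a/docs-link b/docs-link
new file mode 120000
--- /dev/null
+++ b/docs-link
@@ -0,0 +1 @@
+docs
\ No newline at end of file
EOF
    cat > "$1/plain.patch" <<'EOF'
--- a/README
+++ b/README
@@ -1 +1 @@
-old line
+new line
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
scan_patch "$demo_dir/symlink.patch" || echo "symlink.patch: not applying"
scan_patch "$demo_dir/plain.patch" && echo "plain.patch: no findings"
rm -rf "$demo_dir"
```

A flagged patch is a prompt for manual review, not proof of an attack: legitimate patches also add symlinks.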


