bosh-2021.09.01-44.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11372 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z bosh-2021.09.01-44.2 on GA media These are all security issues fixed in the bosh-2021.09.01-44.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11372 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11372 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-1000156/ SUSE CVE CVE-2018-1000156 page openSUSE Tumbleweed bosh-2021.09.01-44.2 btcflash-2021.09.01-44.2 cdda2wav-3.02~a10-44.2 cdrecord-3.02~a10-44.2 libcdrdeflt1_0-3.02~a10-44.2 libdeflt1_0-2021.09.01-44.2 libedc_ecc1_0-3.02~a10-44.2 libedc_ecc_dec1_0-3.02~a10-44.2 libfile1_0-2021.09.01-44.2 libfind4_0-1.8-44.2 libparanoia1_0-3.02~a10-44.2 librmt-devel-doc-2021.09.01-44.2 librmt1_0-2021.09.01-44.2 librscg1_0-2021.09.01-44.2 libscg-devel-2021.09.01-44.2 libscg1_0-2021.09.01-44.2 libscgcmd1_0-2021.09.01-44.2 libschily-devel-2021.09.01-44.2 libschily-devel-doc-2021.09.01-44.2 libschily2_0-2021.09.01-44.2 libxtermcap1_0-2021.09.01-44.2 mkisofs-3.02~a10-44.2 readcd-3.02~a10-44.2 rscsi-2021.09.01-44.2 sccs-2021.09.01-44.2 schily-ctags-2021.09.01-44.2 schily-mt-2021.09.01-44.2 schily-rmt-2021.09.01-44.2 smake-2021.09.01-44.2 spax-1.6.1-44.2 star-1.6.1-44.2 ved-1.8-44.2 bosh-2021.09.01-44.2 as a component of openSUSE Tumbleweed btcflash-2021.09.01-44.2 as a component of openSUSE Tumbleweed cdda2wav-3.02~a10-44.2 as a component of openSUSE Tumbleweed cdrecord-3.02~a10-44.2 as a component of openSUSE Tumbleweed libcdrdeflt1_0-3.02~a10-44.2 as a component of openSUSE Tumbleweed libdeflt1_0-2021.09.01-44.2 as a component of openSUSE Tumbleweed libedc_ecc1_0-3.02~a10-44.2 as a component of openSUSE Tumbleweed libedc_ecc_dec1_0-3.02~a10-44.2 as a component of openSUSE Tumbleweed libfile1_0-2021.09.01-44.2 as a component of openSUSE Tumbleweed libfind4_0-1.8-44.2 as a component of openSUSE Tumbleweed libparanoia1_0-3.02~a10-44.2 as a component of openSUSE Tumbleweed librmt-devel-doc-2021.09.01-44.2 as a component of openSUSE Tumbleweed librmt1_0-2021.09.01-44.2 as a component of openSUSE Tumbleweed librscg1_0-2021.09.01-44.2 as a component of openSUSE Tumbleweed libscg-devel-2021.09.01-44.2 as a component of openSUSE Tumbleweed libscg1_0-2021.09.01-44.2 as a component of openSUSE Tumbleweed libscgcmd1_0-2021.09.01-44.2 as a component of openSUSE Tumbleweed libschily-devel-2021.09.01-44.2 as a component of openSUSE Tumbleweed libschily-devel-doc-2021.09.01-44.2 as a component of openSUSE Tumbleweed libschily2_0-2021.09.01-44.2 as a component of openSUSE Tumbleweed libxtermcap1_0-2021.09.01-44.2 as a component of openSUSE Tumbleweed mkisofs-3.02~a10-44.2 as a component of openSUSE Tumbleweed readcd-3.02~a10-44.2 as a component of openSUSE Tumbleweed rscsi-2021.09.01-44.2 as a component of openSUSE Tumbleweed sccs-2021.09.01-44.2 as a component of openSUSE Tumbleweed schily-ctags-2021.09.01-44.2 as a component of openSUSE Tumbleweed schily-mt-2021.09.01-44.2 as a component of openSUSE Tumbleweed schily-rmt-2021.09.01-44.2 as a component of openSUSE Tumbleweed smake-2021.09.01-44.2 as a component of openSUSE Tumbleweed spax-1.6.1-44.2 as a component of openSUSE Tumbleweed star-1.6.1-44.2 as a component of openSUSE Tumbleweed ved-1.8-44.2 as a component of openSUSE Tumbleweed GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. CVE-2018-1000156 openSUSE Tumbleweed:bosh-2021.09.01-44.2 openSUSE Tumbleweed:btcflash-2021.09.01-44.2 openSUSE Tumbleweed:cdda2wav-3.02~a10-44.2 openSUSE Tumbleweed:cdrecord-3.02~a10-44.2 openSUSE Tumbleweed:libcdrdeflt1_0-3.02~a10-44.2 openSUSE Tumbleweed:libdeflt1_0-2021.09.01-44.2 openSUSE Tumbleweed:libedc_ecc1_0-3.02~a10-44.2 openSUSE Tumbleweed:libedc_ecc_dec1_0-3.02~a10-44.2 openSUSE Tumbleweed:libfile1_0-2021.09.01-44.2 openSUSE Tumbleweed:libfind4_0-1.8-44.2 openSUSE Tumbleweed:libparanoia1_0-3.02~a10-44.2 openSUSE Tumbleweed:librmt-devel-doc-2021.09.01-44.2 openSUSE Tumbleweed:librmt1_0-2021.09.01-44.2 openSUSE Tumbleweed:librscg1_0-2021.09.01-44.2 openSUSE Tumbleweed:libscg-devel-2021.09.01-44.2 openSUSE Tumbleweed:libscg1_0-2021.09.01-44.2 openSUSE Tumbleweed:libscgcmd1_0-2021.09.01-44.2 openSUSE Tumbleweed:libschily-devel-2021.09.01-44.2 openSUSE Tumbleweed:libschily-devel-doc-2021.09.01-44.2 openSUSE Tumbleweed:libschily2_0-2021.09.01-44.2 openSUSE Tumbleweed:libxtermcap1_0-2021.09.01-44.2 openSUSE Tumbleweed:mkisofs-3.02~a10-44.2 openSUSE Tumbleweed:readcd-3.02~a10-44.2 openSUSE Tumbleweed:rscsi-2021.09.01-44.2 openSUSE Tumbleweed:sccs-2021.09.01-44.2 openSUSE Tumbleweed:schily-ctags-2021.09.01-44.2 openSUSE Tumbleweed:schily-mt-2021.09.01-44.2 openSUSE Tumbleweed:schily-rmt-2021.09.01-44.2 openSUSE Tumbleweed:smake-2021.09.01-44.2 openSUSE Tumbleweed:spax-1.6.1-44.2 openSUSE Tumbleweed:star-1.6.1-44.2 openSUSE Tumbleweed:ved-1.8-44.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-1000156.html CVE-2018-1000156 https://bugzilla.suse.com/1088420 SUSE Bug 1088420 https://bugzilla.suse.com/1093615 SUSE Bug 1093615 https://bugzilla.suse.com/1101128 SUSE Bug 1101128 https://bugzilla.suse.com/1142513 SUSE Bug 1142513