CVE-2019-13638 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-13638 Interim 1 17 2023-01-19T01:37:27Z current 2021-05-30T14:29:31Z 2023-01-19T01:37:27Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-13638 GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SLES for SAP Applications 11 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP3 LTSS SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP1 patch patch as a component of SLES for SAP Applications 11 SP3 patch as a component of SUSE Linux Enterprise Desktop 12 SP3 patch as a component of SUSE Linux Enterprise Desktop 12 SP4 patch as a component of SUSE Linux Enterprise High Performance Computing 12 SP4 patch as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 patch as a component of SUSE Linux Enterprise Module for Development Tools 15 patch as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata patch as a component of SUSE Linux Enterprise Server 11 SP3 LTSS patch as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata patch as a component of SUSE Linux Enterprise Server 11 SP4 LTSS patch as a component of SUSE Linux Enterprise Server 12 SP1-LTSS patch as a component of SUSE Linux Enterprise Server 12 SP2-LTSS patch as a component of SUSE Linux Enterprise Server 12 SP3 patch as a component of SUSE Linux Enterprise Server 12 SP4 patch as a component of SUSE Linux Enterprise Server 12-LTSS patch as a component of SUSE Linux Enterprise Server for SAP Applications 12 patch as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 patch as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 patch as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156. CVE-2019-13638 SLES for SAP Applications 11 SP3:patch SUSE Linux Enterprise Desktop 12 SP3:patch SUSE Linux Enterprise Desktop 12 SP4:patch SUSE Linux Enterprise High Performance Computing 12 SP4:patch SUSE Linux Enterprise Module for Basesystem 15 SP1:patch SUSE Linux Enterprise Module for Development Tools 15:patch SUSE Linux Enterprise Server 11 SP1 for Teradata:patch SUSE Linux Enterprise Server 11 SP3 LTSS:patch SUSE Linux Enterprise Server 11 SP3 for Teradata:patch SUSE Linux Enterprise Server 11 SP4 LTSS:patch SUSE Linux Enterprise Server 12 SP1-LTSS:patch SUSE Linux Enterprise Server 12 SP2-LTSS:patch SUSE Linux Enterprise Server 12 SP3:patch SUSE Linux Enterprise Server 12 SP4:patch SUSE Linux Enterprise Server 12-LTSS:patch SUSE Linux Enterprise Server for SAP Applications 12 SP2:patch SUSE Linux Enterprise Server for SAP Applications 12 SP3:patch SUSE Linux Enterprise Server for SAP Applications 12 SP4:patch SUSE Linux Enterprise Server for SAP Applications 12:patch important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H