Security update for patch (moderate)

An update that solves two vulnerabilities and has two fixes
is now available.

Description:

This update for patch fixes the following issues:

Security issues fixed:

• CVE-2019-13636: Fixed follow symlinks unless --follow-symlinks is given.
  This increases the security against malicious patches (bsc#1142041).
• CVE-2018-6952: Fixed swapping fakelines in pch_swap. This bug was
  causing a double free leading to a crash (bsc#1080985).

Bugfixes:

• Abort when cleaning up fails. This bug could cause an infinite loop when
  a patch wouldn’t apply, leading to a segmentation fault (bsc#1111572).
• Pass the correct stat to backup files. This bug would occasionally cause
  backup files to be missing when all hunks failed to apply (bsc#1198106).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-1925=1

• openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2022-1925=1

• SUSE Linux Enterprise Module for Basesystem 15-SP4:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1925=1

• SUSE Linux Enterprise Module for Basesystem 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1925=1