{"id":"CVE-2015-1196","details":"GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.","modified":"2026-04-16T06:15:33.144971169Z","published":"2015-01-21T18:59:57Z","related":["SUSE-SU-2015:1019-1","openSUSE-SU-2024:10379-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html"},{"type":"ADVISORY","url":"http://seclists.org/oss-sec/2015/q1/173"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/72074"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1182154"},{"type":"EVIDENCE","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227"},{"type":"FIX","url":"http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1182154"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/99967"}],"schema_version":"1.7.5"}