{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2019-13638","title":"Title"},{"category":"description","text":"GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2019-13638","url":"https://www.suse.com/security/cve/CVE-2019-13638"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1088420 for CVE-2019-13638","url":"https://bugzilla.suse.com/1088420"},{"category":"external","summary":"SUSE Bug 1142513 for CVE-2019-13638","url":"https://bugzilla.suse.com/1142513"},{"category":"external","summary":"SUSE Bug 1146398 for CVE-2019-13638","url":"https://bugzilla.suse.com/1146398"}],"title":"SUSE CVE CVE-2019-13638","tracking":{"current_release_date":"2025-08-18T02:30:14Z","generator":{"date":"2023-02-15T04:10:39Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2019-13638","initial_release_date":"2023-02-15T04:10:39Z","revision_history":[{"date":"2023-02-15T04:10:39Z","number":"2","summary":"Current version"},{"date":"2023-10-31T02:33:36Z","number":"3","summary":"Current version"},{"date":"2024-06-13T05:09:04Z","number":"4","summary":"Current version"},{"date":"2025-01-01T06:26:12Z","number":"5","summary":"Current version"},{"date":"2025-01-10T03:33:21Z","number":"6","summary":"Current version"},{"date":"2025-02-15T07:06:28Z","number":"7","summary":"Current version"},{"date":"2025-02-17T07:31:19Z","number":"8","summary":"Current version"},{"date":"2025-03-15T10:41:40Z","number":"9","summary":"Current version"},{"date":"2025-04-08T02:42:52Z","number":"10","summary":"Current version"},{"date":"2025-04-25T06:09:52Z","number":"11","summary":"Current version"},{"date":"2025-06-26T04:52:56Z","number":"12","summary":"Current version"},{"date":"2025-07-01T01:47:22Z","number":"13","summary":"Current version"},{"date":"2025-08-18T02:30:14Z","number":"14","summary":"Current version"}],"status":"interim","version":"14"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SLES for SAP Applications 11 SP3","product":{"name":"SLES for SAP Applications 11 SP3","product_id":"SLES for SAP Applications 11 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_sap:11:sp3"}}},{"category":"product_name","name":"SUSE Enterprise Storage 6","product":{"name":"SUSE Enterprise Storage 6","product_id":"SUSE Enterprise Storage 6","product_identification_helper":{"cpe":"cpe:/o:suse:ses:6"}}},{"category":"product_name","name":"SUSE Liberty Linux 7","product":{"name":"SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7","product_identification_helper":{"cpe":"cpe:/o:suse:sll:7"}}},{"category":"product_name","name":"SUSE Liberty Linux 7 LTSS","product":{"name":"SUSE Liberty Linux 7 LTSS","product_id":"SUSE Liberty Linux 7 LTSS"}},{"category":"product_name","name":"SUSE Liberty Linux 8","product":{"name":"SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8","product_identification_helper":{"cpe":"cpe:/o:suse:sll:8"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 12 SP3","product":{"name":"SUSE Linux Enterprise Desktop 12 SP3","product_id":"SUSE Linux Enterprise Desktop 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sled:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 12 SP4","product":{"name":"SUSE Linux Enterprise Desktop 12 SP4","product_id":"SUSE Linux Enterprise Desktop 12 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sled:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 15","product":{"name":"SUSE Linux Enterprise Desktop 15","product_id":"SUSE Linux Enterprise Desktop 15","product_identification_helper":{"cpe":"cpe:/o:suse:sled:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 15 SP1","product":{"name":"SUSE Linux Enterprise Desktop 15 SP1","product_id":"SUSE Linux Enterprise Desktop 15 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sled:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 12 SP4","product":{"name":"SUSE Linux Enterprise High Performance Computing 12 SP4","product_id":"SUSE Linux Enterprise High Performance Computing 12 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sle-hpc:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15","product":{"name":"SUSE Linux Enterprise High Performance Computing 15","product_id":"SUSE Linux Enterprise High Performance Computing 15","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP1","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP1","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Basesystem 15 SP1","product":{"name":"SUSE Linux Enterprise Module for Basesystem 15 SP1","product_id":"SUSE Linux Enterprise Module for Basesystem 15 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-basesystem:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Development Tools 15","product":{"name":"SUSE Linux Enterprise Module for Development Tools 15","product_id":"SUSE Linux Enterprise Module for Development Tools 15","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-development-tools:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product":{"name":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_teradata:11:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP3 LTSS","product":{"name":"SUSE Linux Enterprise Server 11 SP3 LTSS","product_id":"SUSE Linux Enterprise Server 11 SP3 LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_ltss:11:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP3 for Teradata","product":{"name":"SUSE Linux Enterprise Server 11 SP3 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP3 for Teradata","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_teradata:11:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP4 LTSS","product":{"name":"SUSE Linux Enterprise Server 11 SP4 LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4 LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_ltss:11:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP1-LTSS","product":{"name":"SUSE Linux Enterprise Server 12 SP1-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP1-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:12:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP2-LTSS","product":{"name":"SUSE Linux Enterprise Server 12 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP2-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:12:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP3","product":{"name":"SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP4","product":{"name":"SUSE Linux Enterprise Server 12 SP4","product_id":"SUSE Linux Enterprise Server 12 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12-LTSS","product":{"name":"SUSE Linux Enterprise Server 12-LTSS","product_id":"SUSE Linux Enterprise Server 12-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:12"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15","product":{"name":"SUSE Linux Enterprise Server 15","product_id":"SUSE Linux Enterprise Server 15","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP1","product":{"name":"SUSE Linux Enterprise Server 15 SP1","product_id":"SUSE Linux Enterprise Server 15 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP2","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15","product_id":"SUSE Linux Enterprise Server for SAP Applications 15","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP1","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp1"}}},{"category":"product_name","name":"SUSE Manager Proxy 4.0","product":{"name":"SUSE Manager Proxy 4.0","product_id":"SUSE Manager Proxy 4.0","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-proxy:4.0"}}},{"category":"product_name","name":"SUSE Manager Retail Branch Server 4.0","product":{"name":"SUSE Manager Retail Branch Server 4.0","product_id":"SUSE Manager Retail Branch Server 4.0","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-retail-branch-server:4.0"}}},{"category":"product_name","name":"SUSE Manager Server 4.0","product":{"name":"SUSE Manager Server 4.0","product_id":"SUSE Manager Server 4.0","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-server:4.0"}}},{"category":"product_version","name":"patch","product":{"name":"patch","product_id":"patch","product_identification_helper":{"cpe":"cpe:2.3:a:gnu:patch:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/patch@?upstream=patch.src.rpm"}}},{"category":"product_version","name":"patch-2.7.1-12.el7_7","product":{"name":"patch-2.7.1-12.el7_7","product_id":"patch-2.7.1-12.el7_7","product_identification_helper":{"cpe":"cpe:2.3:a:gnu:patch:2.7.1:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/patch@2.7.1-12.el7_7?upstream=patch-2.7.1-12.el7_7.src.rpm"}}},{"category":"product_version","name":"patch-2.7.6-9.el8_0","product":{"name":"patch-2.7.6-9.el8_0","product_id":"patch-2.7.6-9.el8_0","product_identification_helper":{"cpe":"cpe:2.3:a:gnu:patch:2.7.6:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/patch@2.7.6-9.el8_0?upstream=patch-2.7.6-9.el8_0.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"patch-2.7.1-12.el7_7 as component of SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7:patch-2.7.1-12.el7_7"},"product_reference":"patch-2.7.1-12.el7_7","relates_to_product_reference":"SUSE Liberty Linux 7"},{"category":"default_component_of","full_product_name":{"name":"patch-2.7.1-12.el7_7 as component of SUSE Liberty Linux 7 LTSS","product_id":"SUSE Liberty Linux 7 LTSS:patch-2.7.1-12.el7_7"},"product_reference":"patch-2.7.1-12.el7_7","relates_to_product_reference":"SUSE Liberty Linux 7 LTSS"},{"category":"default_component_of","full_product_name":{"name":"patch-2.7.6-9.el8_0 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:patch-2.7.6-9.el8_0"},"product_reference":"patch-2.7.6-9.el8_0","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SLES for SAP Applications 11 SP3","product_id":"SLES for SAP Applications 11 SP3:patch"},"product_reference":"patch","relates_to_product_reference":"SLES for SAP Applications 11 SP3"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Desktop 12 SP3","product_id":"SUSE Linux Enterprise Desktop 12 SP3:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Desktop 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Desktop 12 SP4","product_id":"SUSE Linux Enterprise Desktop 12 SP4:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Desktop 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise High Performance Computing 12 SP4","product_id":"SUSE Linux Enterprise High Performance Computing 12 SP4:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Server 15 SP1","product_id":"SUSE Linux Enterprise Server 15 SP1:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Desktop 15 SP1","product_id":"SUSE Linux Enterprise Desktop 15 SP1:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP1:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise High Performance Computing 15 SP1","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP1:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Manager Server 4.0","product_id":"SUSE Manager Server 4.0:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Manager Server 4.0"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Manager Proxy 4.0","product_id":"SUSE Manager Proxy 4.0:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Manager Proxy 4.0"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Manager Retail Branch Server 4.0","product_id":"SUSE Manager Retail Branch Server 4.0:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.0"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Enterprise Storage 6","product_id":"SUSE Enterprise Storage 6:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Enterprise Storage 6"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Module for Basesystem 15 SP1","product_id":"SUSE Linux Enterprise Module for Basesystem 15 SP1:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Server 15","product_id":"SUSE Linux Enterprise Server 15:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Server 15"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Desktop 15","product_id":"SUSE Linux Enterprise Desktop 15:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Server for SAP Applications 15","product_id":"SUSE Linux Enterprise Server for SAP Applications 15:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise High Performance Computing 15","product_id":"SUSE Linux Enterprise High Performance Computing 15:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Module for Development Tools 15","product_id":"SUSE Linux Enterprise Module for Development Tools 15:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Server 11 SP1 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP1 for Teradata:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP1 for Teradata"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Server 11 SP3 LTSS","product_id":"SUSE Linux Enterprise Server 11 SP3 LTSS:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP3 LTSS"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Server 11 SP3 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP3 for Teradata:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP3 for Teradata"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Server 11 SP4 LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4 LTSS:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4 LTSS"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Server 12 SP1-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP1-LTSS:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP1-LTSS"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Server 12 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP2-LTSS:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Server 12 SP4","product_id":"SUSE Linux Enterprise Server 12 SP4:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Server 12-LTSS","product_id":"SUSE Linux Enterprise Server 12-LTSS:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Server 12-LTSS"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP2:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"patch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4:patch"},"product_reference":"patch","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP4"}]},"vulnerabilities":[{"cve":"CVE-2019-13638","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-13638"}],"notes":[{"category":"general","text":"GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.","title":"CVE description"}],"product_status":{"known_not_affected":["SLES for SAP Applications 11 SP3:patch","SUSE Enterprise Storage 6:patch","SUSE Linux Enterprise Desktop 12 SP3:patch","SUSE Linux Enterprise Desktop 12 SP4:patch","SUSE Linux Enterprise Desktop 15 SP1:patch","SUSE Linux Enterprise Desktop 15:patch","SUSE Linux Enterprise High Performance Computing 12 SP4:patch","SUSE Linux Enterprise High Performance Computing 15 SP1:patch","SUSE Linux Enterprise High Performance Computing 15:patch","SUSE Linux Enterprise Module for Basesystem 15 SP1:patch","SUSE Linux Enterprise Module for Development Tools 15:patch","SUSE Linux Enterprise Server 11 SP1 for Teradata:patch","SUSE Linux Enterprise Server 11 SP3 LTSS:patch","SUSE Linux Enterprise Server 11 SP3 for Teradata:patch","SUSE Linux Enterprise Server 11 SP4 LTSS:patch","SUSE Linux Enterprise Server 12 SP1-LTSS:patch","SUSE Linux Enterprise Server 12 SP2-LTSS:patch","SUSE Linux Enterprise Server 12 SP3:patch","SUSE Linux Enterprise Server 12 SP4:patch","SUSE Linux Enterprise Server 12-LTSS:patch","SUSE Linux Enterprise Server 15 SP1:patch","SUSE Linux Enterprise Server 15:patch","SUSE Linux Enterprise Server for SAP Applications 12 SP2:patch","SUSE Linux Enterprise Server for SAP Applications 12 SP3:patch","SUSE Linux Enterprise Server for SAP Applications 12 SP4:patch","SUSE Linux Enterprise Server for SAP Applications 12:patch","SUSE Linux Enterprise Server for SAP Applications 15 SP1:patch","SUSE Linux Enterprise Server for SAP Applications 15:patch","SUSE Manager Proxy 4.0:patch","SUSE Manager Retail Branch Server 4.0:patch","SUSE Manager Server 4.0:patch"],"recommended":["SUSE Liberty Linux 7 LTSS:patch-2.7.1-12.el7_7","SUSE Liberty Linux 7:patch-2.7.1-12.el7_7","SUSE Liberty Linux 8:patch-2.7.6-9.el8_0"]},"references":[{"category":"external","summary":"CVE-2019-13638","url":"https://www.suse.com/security/cve/CVE-2019-13638"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1088420 for CVE-2019-13638","url":"https://bugzilla.suse.com/1088420"},{"category":"external","summary":"SUSE Bug 1142513 for CVE-2019-13638","url":"https://bugzilla.suse.com/1142513"},{"category":"external","summary":"SUSE Bug 1146398 for CVE-2019-13638","url":"https://bugzilla.suse.com/1146398"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Liberty Linux 7 LTSS:patch-2.7.1-12.el7_7","SUSE Liberty Linux 7:patch-2.7.1-12.el7_7","SUSE Liberty Linux 8:patch-2.7.6-9.el8_0"]}],"scores":[{"cvss_v3":{"baseScore":7.3,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Liberty Linux 7 LTSS:patch-2.7.1-12.el7_7","SUSE Liberty Linux 7:patch-2.7.1-12.el7_7","SUSE Liberty Linux 8:patch-2.7.6-9.el8_0"]}],"threats":[{"category":"impact","date":"2019-07-23T12:15:44Z","details":"important"}],"title":"CVE-2019-13638"}]}