Description
Security update for bash
This update for bash fixes the following issues:
- CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables. (bsc#1001299)
- CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the prompt. (bsc#1000396)
The following bugs were fixed:
- bsc#971410: Scripts could terminate unexpectedly due to mishandled recursive traps.
- bsc#959755: Clarify that /etc/profile and /etc/bash.bashrc may source other files even if bash itself does not.
Package list
SUSE Linux Enterprise Server 11 SP4
bash-3.2-147.29.1
bash-doc-3.2-147.29.1
bash-x86-3.2-147.29.1
libreadline5-5.2-147.29.1
libreadline5-32bit-5.2-147.29.1
libreadline5-x86-5.2-147.29.1
readline-doc-5.2-147.29.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
bash-3.2-147.29.1
bash-doc-3.2-147.29.1
bash-x86-3.2-147.29.1
libreadline5-5.2-147.29.1
libreadline5-32bit-5.2-147.29.1
libreadline5-x86-5.2-147.29.1
readline-doc-5.2-147.29.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libreadline5-5.2-147.29.1
readline-devel-5.2-147.29.1
readline-devel-32bit-5.2-147.29.1
References
- Link for SUSE-SU-2017:0302-1
- E-Mail link for SUSE-SU-2017:0302-1
- SUSE Security Ratings
- SUSE Bug 1000396
- SUSE Bug 1001299
- SUSE Bug 959755
- SUSE Bug 971410
- SUSE CVE CVE-2016-0634 page
- SUSE CVE CVE-2016-7543 page
Description
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.
Affected products
SUSE Linux Enterprise Server 11 SP4:bash-3.2-147.29.1
SUSE Linux Enterprise Server 11 SP4:bash-doc-3.2-147.29.1
SUSE Linux Enterprise Server 11 SP4:bash-x86-3.2-147.29.1
SUSE Linux Enterprise Server 11 SP4:libreadline5-32bit-5.2-147.29.1
References
- CVE-2016-0634
- SUSE Bug 1000396
- SUSE Bug 1001299
- SUSE Bug 1159416
- SUSE Bug 1188388
Description
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
Affected products
SUSE Linux Enterprise Server 11 SP4:bash-3.2-147.29.1
SUSE Linux Enterprise Server 11 SP4:bash-doc-3.2-147.29.1
SUSE Linux Enterprise Server 11 SP4:bash-x86-3.2-147.29.1
SUSE Linux Enterprise Server 11 SP4:libreadline5-32bit-5.2-147.29.1
References
- CVE-2016-7543
- SUSE Bug 1001299
- SUSE Bug 1159416