Описание
Security update for bash
This update for bash fixes an issue that could lead to syntax errors when parsing scripts that use expr(1) inside loops.
Additionally, the popd build-in now ensures that the normalized stack offset is within bounds before trying to free that stack entry. This fixes a segmentation fault.
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
bash-4.3-82.1
bash-doc-4.3-82.1
bash-lang-4.3-82.1
libreadline6-6.3-82.1
libreadline6-32bit-6.3-82.1
readline-doc-6.3-82.1
SUSE Linux Enterprise Server 12 SP2
bash-4.3-82.1
bash-doc-4.3-82.1
libreadline6-6.3-82.1
libreadline6-32bit-6.3-82.1
readline-doc-6.3-82.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
bash-4.3-82.1
bash-doc-4.3-82.1
libreadline6-6.3-82.1
readline-doc-6.3-82.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
bash-4.3-82.1
bash-doc-4.3-82.1
libreadline6-6.3-82.1
libreadline6-32bit-6.3-82.1
readline-doc-6.3-82.1
SUSE Linux Enterprise Software Development Kit 12 SP2
bash-devel-4.3-82.1
readline-devel-6.3-82.1
SUSE Linux Enterprise Workstation Extension 12 SP2
bash-lang-4.3-82.1
Ссылки
- Link for SUSE-SU-2017:1317-1
- E-Mail link for SUSE-SU-2017:1317-1
- SUSE Security Ratings
- SUSE Bug 1010845
- SUSE Bug 1035371
- SUSE CVE CVE-2016-9401 page
Описание
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:bash-4.3-82.1
SUSE Linux Enterprise Desktop 12 SP2:bash-doc-4.3-82.1
SUSE Linux Enterprise Desktop 12 SP2:bash-lang-4.3-82.1
SUSE Linux Enterprise Desktop 12 SP2:libreadline6-32bit-6.3-82.1
Ссылки
- CVE-2016-9401
- SUSE Bug 1010845
- SUSE Bug 1044328
- SUSE Bug 1123788
- SUSE Bug 1159416