Описание
Security update for bash
This update for bash fixes the following issues:
Security issues fixed:
- CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed (bsc#1001299)
- CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396)
Non-security issues fixed:
- Fix repeating self-calling of traps due the combination of a non-interactive shell, a trap handler for SIGINT, an external process in the trap handler, and a SIGINT within the trap after the external process runs. (bsc#1086247)
Список пакетов
SUSE Enterprise Storage 4
bash-4.3-83.10.1
bash-doc-4.3-83.10.1
libreadline6-6.3-83.10.1
libreadline6-32bit-6.3-83.10.1
readline-doc-6.3-83.10.1
SUSE Linux Enterprise Desktop 12 SP3
bash-4.3-83.10.1
bash-doc-4.3-83.10.1
bash-lang-4.3-83.10.1
libreadline6-6.3-83.10.1
libreadline6-32bit-6.3-83.10.1
readline-doc-6.3-83.10.1
SUSE Linux Enterprise Server 12 SP2-LTSS
bash-4.3-83.10.1
bash-doc-4.3-83.10.1
libreadline6-6.3-83.10.1
libreadline6-32bit-6.3-83.10.1
readline-doc-6.3-83.10.1
SUSE Linux Enterprise Server 12 SP3
bash-4.3-83.10.1
bash-doc-4.3-83.10.1
libreadline6-6.3-83.10.1
libreadline6-32bit-6.3-83.10.1
readline-doc-6.3-83.10.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
bash-4.3-83.10.1
bash-doc-4.3-83.10.1
libreadline6-6.3-83.10.1
libreadline6-32bit-6.3-83.10.1
readline-doc-6.3-83.10.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
bash-4.3-83.10.1
bash-doc-4.3-83.10.1
libreadline6-6.3-83.10.1
libreadline6-32bit-6.3-83.10.1
readline-doc-6.3-83.10.1
SUSE Linux Enterprise Software Development Kit 12 SP3
bash-devel-4.3-83.10.1
readline-devel-6.3-83.10.1
SUSE Linux Enterprise Workstation Extension 12 SP3
bash-lang-4.3-83.10.1
SUSE OpenStack Cloud 7
bash-4.3-83.10.1
bash-doc-4.3-83.10.1
libreadline6-6.3-83.10.1
libreadline6-32bit-6.3-83.10.1
readline-doc-6.3-83.10.1
Ссылки
- Link for SUSE-SU-2018:1398-1
- E-Mail link for SUSE-SU-2018:1398-1
- SUSE Security Ratings
- SUSE Bug 1000396
- SUSE Bug 1001299
- SUSE Bug 1086247
- SUSE CVE CVE-2016-0634 page
- SUSE CVE CVE-2016-7543 page
Описание
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.
Затронутые продукты
SUSE Enterprise Storage 4:bash-4.3-83.10.1
SUSE Enterprise Storage 4:bash-doc-4.3-83.10.1
SUSE Enterprise Storage 4:libreadline6-32bit-6.3-83.10.1
SUSE Enterprise Storage 4:libreadline6-6.3-83.10.1
Ссылки
- CVE-2016-0634
- SUSE Bug 1000396
- SUSE Bug 1001299
- SUSE Bug 1159416
- SUSE Bug 1188388
Описание
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
Затронутые продукты
SUSE Enterprise Storage 4:bash-4.3-83.10.1
SUSE Enterprise Storage 4:bash-doc-4.3-83.10.1
SUSE Enterprise Storage 4:libreadline6-32bit-6.3-83.10.1
SUSE Enterprise Storage 4:libreadline6-6.3-83.10.1
Ссылки
- CVE-2016-7543
- SUSE Bug 1001299
- SUSE Bug 1159416