Description
Security update for bash
This update for bash fixes the following issues:
Security issues fixed:
- CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed (bsc#1001299)
- CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396)
Non-security issues fixed:
- Fix repeating self-calling of traps due to the combination of a non-interactive shell, a trap handler for SIGINT, an external process in the trap handler, and a SIGINT within the trap after the external process runs. (bsc#1086247)
Package list
SUSE Linux Enterprise Server 12 SP2-BCL
bash-4.3-83.10.1
bash-doc-4.3-83.10.1
libreadline6-6.3-83.10.1
libreadline6-32bit-6.3-83.10.1
readline-doc-6.3-83.10.1
References
- Link for SUSE-SU-2018:1398-2
- E-Mail link for SUSE-SU-2018:1398-2
- SUSE Security Ratings
- SUSE Bug 1000396
- SUSE Bug 1001299
- SUSE Bug 1086247
- SUSE CVE CVE-2016-0634 page
- SUSE CVE CVE-2016-7543 page
Description
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.
Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:bash-4.3-83.10.1
SUSE Linux Enterprise Server 12 SP2-BCL:bash-doc-4.3-83.10.1
SUSE Linux Enterprise Server 12 SP2-BCL:libreadline6-32bit-6.3-83.10.1
SUSE Linux Enterprise Server 12 SP2-BCL:libreadline6-6.3-83.10.1
References
- CVE-2016-0634
- SUSE Bug 1000396
- SUSE Bug 1001299
- SUSE Bug 1159416
- SUSE Bug 1188388
Description
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:bash-4.3-83.10.1
SUSE Linux Enterprise Server 12 SP2-BCL:bash-doc-4.3-83.10.1
SUSE Linux Enterprise Server 12 SP2-BCL:libreadline6-32bit-6.3-83.10.1
SUSE Linux Enterprise Server 12 SP2-BCL:libreadline6-6.3-83.10.1
References
- CVE-2016-7543
- SUSE Bug 1001299
- SUSE Bug 1159416