Описание
Security update for bash
This update for bash fixes the following issues:
Security issue fixed:
- CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324).
Список пакетов
Container caasp/v4/nginx-ingress-controller:beta1
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Container suse/ltss/sle12.5/sles12sp5:latest
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Container suse/sles12sp3:latest
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Container suse/sles12sp4:latest
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Container suse/sles12sp5:latest
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-Azure-BYOS
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-Azure-Basic-On-Demand
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-Azure-HPC-BYOS
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-Azure-HPC-On-Demand
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-Azure-SAP-BYOS
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-Azure-SAP-On-Demand
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-Azure-Standard-On-Demand
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-EC2-BYOS
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-EC2-ECS-On-Demand
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-EC2-On-Demand
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-EC2-SAP-BYOS
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-EC2-SAP-On-Demand
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-GCE-BYOS
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-GCE-On-Demand
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-GCE-SAP-BYOS
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-GCE-SAP-On-Demand
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-OCI-BYOS-BYOS
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
bash-4.3-83.23.1
libreadline6-6.3-83.23.1
SUSE Linux Enterprise Desktop 12 SP3
bash-4.3-83.23.1
bash-doc-4.3-83.23.1
bash-lang-4.3-83.23.1
libreadline6-6.3-83.23.1
libreadline6-32bit-6.3-83.23.1
readline-doc-6.3-83.23.1
SUSE Linux Enterprise Desktop 12 SP4
bash-4.3-83.23.1
bash-doc-4.3-83.23.1
bash-lang-4.3-83.23.1
libreadline6-6.3-83.23.1
libreadline6-32bit-6.3-83.23.1
readline-doc-6.3-83.23.1
SUSE Linux Enterprise Server 12 SP3
bash-4.3-83.23.1
bash-doc-4.3-83.23.1
libreadline6-6.3-83.23.1
libreadline6-32bit-6.3-83.23.1
readline-doc-6.3-83.23.1
SUSE Linux Enterprise Server 12 SP4
bash-4.3-83.23.1
bash-doc-4.3-83.23.1
libreadline6-6.3-83.23.1
libreadline6-32bit-6.3-83.23.1
readline-doc-6.3-83.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
bash-4.3-83.23.1
bash-doc-4.3-83.23.1
libreadline6-6.3-83.23.1
libreadline6-32bit-6.3-83.23.1
readline-doc-6.3-83.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
bash-4.3-83.23.1
bash-doc-4.3-83.23.1
libreadline6-6.3-83.23.1
libreadline6-32bit-6.3-83.23.1
readline-doc-6.3-83.23.1
SUSE Linux Enterprise Software Development Kit 12 SP3
bash-devel-4.3-83.23.1
readline-devel-6.3-83.23.1
SUSE Linux Enterprise Software Development Kit 12 SP4
bash-devel-4.3-83.23.1
readline-devel-6.3-83.23.1
SUSE Linux Enterprise Workstation Extension 12 SP3
bash-lang-4.3-83.23.1
SUSE Linux Enterprise Workstation Extension 12 SP4
bash-lang-4.3-83.23.1
Ссылки
- Link for SUSE-SU-2019:0838-1
- E-Mail link for SUSE-SU-2019:0838-1
- SUSE Security Ratings
- SUSE Bug 1130324
- SUSE CVE CVE-2019-9924 page
Описание
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:bash-4.3-83.23.1
Container caasp/v4/nginx-ingress-controller:beta1:libreadline6-6.3-83.23.1
Container suse/ltss/sle12.5/sles12sp5:latest:bash-4.3-83.23.1
Container suse/ltss/sle12.5/sles12sp5:latest:libreadline6-6.3-83.23.1
Ссылки
- CVE-2019-9924
- SUSE Bug 1130324