Описание
Security update for bash
This update for bash fixes the following issues:
Security issue fixed:
- CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324).
Список пакетов
SUSE Linux Enterprise Server 12 SP1-LTSS
bash-4.2-83.3.1
bash-doc-4.2-83.3.1
libreadline6-6.2-83.3.1
libreadline6-32bit-6.2-83.3.1
readline-doc-6.2-83.3.1
SUSE Linux Enterprise Server 12-LTSS
bash-4.2-83.3.1
bash-doc-4.2-83.3.1
libreadline6-6.2-83.3.1
libreadline6-32bit-6.2-83.3.1
readline-doc-6.2-83.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
bash-4.2-83.3.1
bash-doc-4.2-83.3.1
libreadline6-6.2-83.3.1
libreadline6-32bit-6.2-83.3.1
readline-doc-6.2-83.3.1
Ссылки
- Link for SUSE-SU-2019:0898-1
- E-Mail link for SUSE-SU-2019:0898-1
- SUSE Security Ratings
- SUSE Bug 1130324
- SUSE CVE CVE-2019-9924 page
Описание
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP1-LTSS:bash-4.2-83.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:bash-doc-4.2-83.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libreadline6-32bit-6.2-83.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libreadline6-6.2-83.3.1
Ссылки
- CVE-2019-9924
- SUSE Bug 1130324