Description
Security update for bash
This update for bash fixes the following issues:
- CVE-2012-6711: Fixed a heap-based buffer overflow during echo of unsupported characters (bsc#1138676).
Package list
SUSE Linux Enterprise Server 12 SP1-LTSS
bash-4.2-83.6.1
bash-doc-4.2-83.6.1
libreadline6-6.2-83.6.1
libreadline6-32bit-6.2-83.6.1
readline-doc-6.2-83.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
bash-4.2-83.6.1
bash-doc-4.2-83.6.1
libreadline6-6.2-83.6.1
libreadline6-32bit-6.2-83.6.1
readline-doc-6.2-83.6.1
References
- Link for SUSE-SU-2019:2976-1
- E-Mail link for SUSE-SU-2019:2976-1
- SUSE Security Ratings
- SUSE Bug 1138676
- SUSE CVE CVE-2012-6711 page
Description
A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().
Affected products
SUSE Linux Enterprise Server 12 SP1-LTSS:bash-4.2-83.6.1
SUSE Linux Enterprise Server 12 SP1-LTSS:bash-doc-4.2-83.6.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libreadline6-32bit-6.2-83.6.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libreadline6-6.2-83.6.1
References
- CVE-2012-6711
- SUSE Bug 1138676