openSUSE-SU-2017:1402-1

Опубликовано: 24 мая 2017

Источник: suse-cvrf

Описание

Security update for bash

This update for bash fixes an issue that could lead to syntax errors when parsing scripts that use expr(1) inside loops.

Additionally, the popd build-in now ensures that the normalized stack offset is within bounds before trying to free that stack entry. This fixes a segmentation fault.

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.2

bash-4.3-80.3.1

bash-devel-4.3-80.3.1

bash-doc-4.3-80.3.1

bash-lang-4.3-80.3.1

bash-loadables-4.3-80.3.1

libreadline6-6.3-80.3.1

libreadline6-32bit-6.3-80.3.1

readline-devel-6.3-80.3.1

readline-devel-32bit-6.3-80.3.1

readline-doc-6.3-80.3.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-05/msg00082.html
E-Mail link for openSUSE-SU-2017:1402-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

Затронутые продукты

openSUSE Leap 42.2:bash-4.3-80.3.1

openSUSE Leap 42.2:bash-devel-4.3-80.3.1

openSUSE Leap 42.2:bash-doc-4.3-80.3.1

openSUSE Leap 42.2:bash-lang-4.3-80.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-9401.html
CVE-2016-9401
https://bugzilla.suse.com/1010845
SUSE Bug 1010845
https://bugzilla.suse.com/1123788
SUSE Bug 1123788
https://bugzilla.suse.com/1159416
SUSE Bug 1159416

openSUSE-SU-2017:1402-1

Описание

Список пакетов

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2016-9401

Описание

Затронутые продукты

Ссылки