Description
Security update for bash
This update for bash fixes the following issues:
Security issues fixed:
- CVE-2016-7543: A code execution possibility via the SHELLOPTS and PS4 variables was fixed (bsc#1001299)
- CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396)
Non-security issues fixed:
- Fix repeating self-calling of traps due to the combination of a non-interactive shell, a trap handler for SIGINT, an external process in the trap handler, and a SIGINT within the trap after the external process runs. (bsc#1086247)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Package list
openSUSE Leap 42.3
bash-4.3-83.6.1
bash-devel-4.3-83.6.1
bash-doc-4.3-83.6.1
bash-lang-4.3-83.6.1
bash-loadables-4.3-83.6.1
libreadline6-6.3-83.6.1
libreadline6-32bit-6.3-83.6.1
readline-devel-6.3-83.6.1
readline-devel-32bit-6.3-83.6.1
readline-doc-6.3-83.6.1
References
- E-Mail link for openSUSE-SU-2018:1419-1
- SUSE Security Ratings
Description
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.
Affected products
openSUSE Leap 42.3:bash-4.3-83.6.1
openSUSE Leap 42.3:bash-devel-4.3-83.6.1
openSUSE Leap 42.3:bash-doc-4.3-83.6.1
openSUSE Leap 42.3:bash-lang-4.3-83.6.1
References
- CVE-2016-0634
- SUSE Bug 1000396
- SUSE Bug 1001299
- SUSE Bug 1159416
Description
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
Affected products
openSUSE Leap 42.3:bash-4.3-83.6.1
openSUSE Leap 42.3:bash-devel-4.3-83.6.1
openSUSE Leap 42.3:bash-doc-4.3-83.6.1
openSUSE Leap 42.3:bash-lang-4.3-83.6.1
References
- CVE-2016-7543
- SUSE Bug 1001299
- SUSE Bug 1159416