ELSA-2017-1931

ELSA-2017-1931 - bash security and bug fix update

Type:SECURITY
Severity:MODERATE
Release Date:2017-08-07

Description


[4.2.46-28]
- CVE-2016-9401 - Fix crash when '-' is passed as second sign to popd
Resolves: #1429838

[4.2.46-27]
- CVE-2016-7543: Fix for arbitrary code execution via SHELLOPTS+PS4 variables
Resolves: #1426026

[4.2.46-26]
- CVE-2016-0634: Fix for arbitrary code execution via malicious hostname
Resolves: #1379237

[4.2.46-25]
- Plug a leak related to compound assignments
Resolves: #1264101

[4.2.46-24]
- Recognize cd -e
Resolves: #1267478

[4.2.46-23]
- Add a condition before setting pipeline_pgrp to shell_pgrp
Resolves: #1377496

[4.2.46-22]
- Avoid crash in parameter expansion while expanding long strings
Resolves: #1403255


Related CVEs


CVE-2016-0634
CVE-2016-7543
CVE-2016-9401

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (aarch64) bash-4.2.46-28.el7.src.rpmf9eff2dfc5b67f3ea5a668f34f796756ELSA-2020-1113
bash-4.2.46-28.el7.aarch64.rpm61899f4a8bd64699d53a6fc3b0e75d52ELSA-2020-1113
bash-doc-4.2.46-28.el7.aarch64.rpma3d4e0bc56963ad5c552b6bdb0dee15dELSA-2020-1113
Oracle Linux 7 (x86_64) bash-4.2.46-28.el7.src.rpmf9eff2dfc5b67f3ea5a668f34f796756ELSA-2020-1113
bash-4.2.46-28.el7.x86_64.rpm3d949592a52bab33448196db6374def7ELSA-2020-1113
bash-doc-4.2.46-28.el7.x86_64.rpmeaeb111da41b452323a949bcbb50c0efELSA-2020-1113



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete