ELSA-2017-0725

ELSA-2017-0725 - bash security and bug fix update

Type:SECURITY
Severity:MODERATE
Release Date:2017-03-27

Description


[4.1.2-48]
- Fix signal handling in read builtin
Resolves: #1421926

[4.1.2-47]
- CVE-2016-9401 - Fix crash when '-' is passed as second sign to popd
Resolves: #1396383

[4.1.2-46]
- CVE-2016-7543 - Fix for arbitrary code execution via SHELLOPTS+PS4 variables
Resolves: #1379630

[4.1.2-45]
- CVE-2016-0634 - Fix for arbitrary code execution via malicious hostname
Resolves: #1377613

[4.1.2-44]
- Avoid crash in parameter expansion while expanding long strings
Resolves: #1359142

[4.1.2-43]
- Stop reading input when SIGHUP is received
Resolves: #1325753

[4.1.2-42]
- Bash leaks memory while doing pattern removal in parameter expansion
Resolves: #1283829


Related CVEs


CVE-2016-0634
CVE-2016-7543
CVE-2016-9401

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 6 (i386) bash-4.1.2-48.el6.src.rpm479277caf7ab651eeef6b113c4b321d8-
bash-4.1.2-48.el6.i686.rpmb04b5a4576461b7a348762615f81a1c7-
bash-doc-4.1.2-48.el6.i686.rpmf0e0237773972e986cefe3fbcf88e05b-
Oracle Linux 6 (x86_64) bash-4.1.2-48.el6.src.rpm479277caf7ab651eeef6b113c4b321d8-
bash-4.1.2-48.el6.x86_64.rpm7afa451f75e27f9c858aaf4054450e54-
bash-doc-4.1.2-48.el6.x86_64.rpm969580c492750079e272d18de80213fb-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete