ALT-PU-2018-2880-1
Closed vulnerabilities
BDU:2019-01405
Уязвимость ограниченного командного интерпретатора rbash командной оболочки Bash, позволяющая нарушителю выполнить произвольные команды
Modified: 2024-11-21
CVE-2012-6711
A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().
- http://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=863d31ae775d56b785dc5b0105b6d251515d81d5
- http://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=863d31ae775d56b785dc5b0105b6d251515d81d5
- 108824
- 108824
- https://bugzilla.redhat.com/show_bug.cgi?id=1721071
- https://bugzilla.redhat.com/show_bug.cgi?id=1721071
- https://support.f5.com/csp/article/K05122252
- https://support.f5.com/csp/article/K05122252
- https://support.f5.com/csp/article/K05122252?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K05122252?utm_source=f5support&%3Butm_medium=RSS
- USN-4180-1
- USN-4180-1
Modified: 2024-11-21
CVE-2016-7543
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
- RHSA-2017:0725
- RHSA-2017:0725
- [oss-security] 20160926 CVE-2016-7543 -- bash SHELLOPTS+PS4
- [oss-security] 20160926 CVE-2016-7543 -- bash SHELLOPTS+PS4
- 93183
- 93183
- 1037812
- 1037812
- RHSA-2017:1931
- RHSA-2017:1931
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388115
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388115
- FEDORA-2016-2c4b5ad64e
- FEDORA-2016-2c4b5ad64e
- FEDORA-2016-5a54fb4784
- FEDORA-2016-5a54fb4784
- FEDORA-2016-f84391516d
- FEDORA-2016-f84391516d
- [bug-bash] 20160916 Bash-4.4 Release available
- [bug-bash] 20160916 Bash-4.4 Release available
- GLSA-201701-02
- GLSA-201701-02
Modified: 2024-11-21
CVE-2016-9401
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
- RHSA-2017:0725
- RHSA-2017:0725
- [oss-security] 20161117 bash - popd controlled free
- [oss-security] 20161117 bash - popd controlled free
- [oss-security] 20161117 Re: bash - popd controlled free
- [oss-security] 20161117 Re: bash - popd controlled free
- 94398
- 94398
- RHSA-2017:1931
- RHSA-2017:1931
- [debian-lts-announce] 20190325 [SECURITY] [DLA 1726-1] bash security update
- [debian-lts-announce] 20190325 [SECURITY] [DLA 1726-1] bash security update
- GLSA-201701-02
- GLSA-201701-02
Modified: 2024-11-21
CVE-2019-9924
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
- http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65
- openSUSE-SU-2019:1178
- https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441
- [debian-lts-announce] 20190325 [SECURITY] [DLA 1726-1] bash security update
- https://security.netapp.com/advisory/ntap-20190411-0001/
- USN-4058-1
- USN-4058-2
- http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65
- USN-4058-2
- USN-4058-1
- https://security.netapp.com/advisory/ntap-20190411-0001/
- [debian-lts-announce] 20190325 [SECURITY] [DLA 1726-1] bash security update
- https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441
- openSUSE-SU-2019:1178
Closed bugs
bash4.info is not seen in the catalogue
sh4 --rpm-requires segfaults in the new version (4.3.42)
Обновить bash4 до версии 4.4