Summary: | <app-shells/bash-4.3_p48: Specially crafted SHELLOPTS+PS4 variables allows command substitution | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | base-system, slawomir.nizio |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1379630 | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2016-09-27 12:06:21 UTC
commit 49dcef88c9b9d94334ae251a8f658739a19ccf3c
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Tue Sep 27 14:17:05 2016

package.mask: Unmasked bash-4.4/readline-7.0 for wider testing.

Since there seems to be no backported patch available I've unmasked bash-4.4

Let's wait a couple of days for stabilization call. I have the feeling that soon there will be some upstream patches available for bash-4.4 as well.

commit 8a8e224a29a12f871d6adf7c53d85fd8e9e5b69f
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Fri Oct 7 10:56:18 2016

app-shells/bash: Bump to version 4.3_p48

Package-Manager: portage-2.3.1
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

Arches please test and mark stable =app-shells/bash-4.3_p48 with target KEYWORDS:

alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd

amd64 stable

x86 stable

Stable for HPPA PPC64.

Stable on alpha

arm stable

done the rest now

Added to existing GLSA.

This issue was resolved and addressed in GLSA 201701-02 at https://security.gentoo.org/glsa/201701-02 by GLSA coordinator Thomas Deutschmann (whissi).