Updated bash packages fix a security vulnerability
Publication date: 28 Jun 2021Modification date: 28 Jun 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-18276
Description
A privilege escalation vulnerability was found in bash in the way it dropped privileges when started with an effective user id not equal to the real user id. Bash may be vulnerable to this flaw if the setuid permission is set and the owner of the bash program itself is a non-root user. A local attacker could exploit this flaw to escalate their privileges on the system (CVE-2019-18276).
References
SRPMS
7/core
- bash-4.4-23.1.2.mga7