Updated bash packages fix security vulnerability
Publication date: 21 Nov 2016Modification date: 21 Nov 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-0634 , CVE-2016-7543
Description
A vulnerability was found in a way bash expands the $HOSTNAME. Injecting
the hostname with malicious code would cause it to run each time bash
expanded \h in the prompt string (CVE-2016-0634).
Shells running as root inherited PS4 from the environment, allowing PS4
expansion performing command substitution. Local attacker could gain
arbitrary code execution via bogus setuid binaries using system()/popen()
by specially crafting SHELLOPTS+PS4 environment variables (CVE-2016-7543)
References
- https://bugs.mageia.org/show_bug.cgi?id=19462
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5GRFMCTX4O7RTLZX5CI45KC7GGM6XIIY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OU3C756YPHDAAPFX76UGZBAQQQ5UMHS5/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0634
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7543
SRPMS
5/core
- bash-4.3-48.2.mga5