Advisories » MGASA-2017-0005

Updated bash packages fix security vulnerability

Publication date: 06 Jan 2017
Modification date: 06 Jan 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9401

Description

In Bash, the popd command can be tricked to free a user supplied
address, which could be used to bypass restricted shells (rsh) on some
environments to cause use-after-free (CVE-2016-9401).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19808
• http://openwall.com/lists/oss-security/2016/11/17/9
• https://security.gentoo.org/glsa/201701-02
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9401

SRPMS

5/core

• bash-4.3-48.2.1.mga5