Security update for bash
This update for bash fixes the following security issues:
- CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables (bsc#1001299)
- CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the prompt (bsc#1000396)
This update also fixes the following bugs:
- fix a crash found during debugging boo#971410
- boo#976776: crash if ~/.bash_history is empty (boo#976776)
-
Submitted by
Dr. Werner Fink (WernerFink)
Fixed bugs
bnc#1001299
VUL-1: CVE-2016-7543: bash SHELLOPTS+PS4
bnc#976776
su segmentation fault (core dumped)
bnc#1000396
VUL-1: CVE-2016-0634: bash: Arbitrary code execution via malicious hostname
