Security update for bash
This update for bash fixes the following issues:
Security issues fixed:
- CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed (bsc#1001299)
- CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396)
Non-security issues fixed:
- Fix repeating self-calling of traps due the combination of a non-interactive shell, a trap handler for SIGINT, an
external process in the trap handler, and a SIGINT within the trap after the external process runs. (bsc#1086247)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
Dr. Werner Fink (WernerFink)
Fixed bugs
bnc#1086247
bash-4.3 misbehavior in "trap"
bnc#1001299
VUL-1: CVE-2016-7543: bash SHELLOPTS+PS4
bnc#1000396
VUL-1: CVE-2016-0634: bash: Arbitrary code execution via malicious hostname
