Overview

File _patchinfo of Package patchinfo.3424

<patchinfo incident="3424">
  <issue id="1001759" tracker="bnc">bash segfaults</issue>
  <issue id="1001299" tracker="bnc">VUL-1: CVE-2016-7543: bash SHELLOPTS+PS4</issue>
  <issue id="898812" tracker="bnc">VUL-0: CVE-2014-6277: bash: more troubles with functions</issue>
  <issue id="898884" tracker="bnc">VUL-0: CVE-2014-6278: bash: more code execution via fd redirection</issue>
  <issue id="1000396" tracker="bnc">VUL-1: CVE-2016-0634: bash: Arbitrary code execution via malicious hostname</issue>
  <issue id="2016-7543" tracker="cve" />
  <issue id="2016-0634" tracker="cve" />
  <issue id="2014-6277" tracker="cve" />
  <issue id="2014-6278" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>WernerFink</packager>
  <description>
This update for bash fixes the following issues:

- CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables (bsc#1001299)
- CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the prompt (bsc#1000396)
- CVE-2014-6277: More troubles with functions (bsc#898812, bsc#1001759)
- CVE-2014-6278: Code execution after original 6271 fix (bsc#898884)
</description>
  <summary>Security update for bash</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places