Overview

File _patchinfo of Package patchinfo.34955

<patchinfo incident="34955">
  <issue tracker="bnc" id="1129288">ksh segfaults in variable substitution</issue>
  <issue tracker="bnc" id="1224057">ksh-93vu-bp155.2.58 - while loop error - cannot execute Exec format error</issue>
  <issue tracker="bnc" id="1160796">VUL-0: CVE-2019-14868: ksh: environment variables on startup are interpreted as arithmetic expression leading to code injection</issue>
  <issue tracker="cve" id="2019-14868"/>
  <packager>mlschroe</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for ksh</summary>
  <description>This update for ksh fixes the following issues:

- CVE-2019-14868: Fixed code injection due to environment variables on startup interpreted as arithmetic expression (bsc#1160796)
    
Other fixes:
- do not use posix_spawn as it lacks proper job handling (bsc#1224057)
- fix segfault in variable substitution (bsc#1129288)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places