
Medium: bash

Description

**Issue Overview:**

popd controlled free: A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session. (CVE-2016-9401)

Arbitrary code execution via malicious hostname: An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. (CVE-2016-0634)

Specially crafted SHELLOPTS+PS4 variables allows command substitution: An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances. (CVE-2016-7543)

**Affected Packages:** bash

**Issue Correction:** Run _yum update bash_ to update your system.

**New Packages:**

i686:
    bash-doc-4.2.46-28.37.amzn1.i686
    bash-4.2.46-28.37.amzn1.i686
    bash-debuginfo-4.2.46-28.37.amzn1.i686

src:
    bash-4.2.46-28.37.amzn1.src

x86_64:
    bash-debuginfo-4.2.46-28.37.amzn1.x86_64
    bash-4.2.46-28.37.amzn1.x86_64
    bash-doc-4.2.46-28.37.amzn1.x86_64
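To confirm that the update in the Issue Correction step took effect, the installed bash build can be compared with the fixed build listed under New Packages. The script below is an added example, not part of the original advisory; the function names `evr_at_least` and `check_bash_build` are hypothetical, and it assumes GNU `sort -V` as an approximation of RPM version ordering and a package without an epoch.

```shell
#!/bin/sh
# Fixed build, taken from the advisory's "New Packages" list.
FIXED_EVR="4.2.46-28.37.amzn1"

# evr_at_least INSTALLED FIXED
# Returns 0 when INSTALLED sorts at or after FIXED, 1 when it is older,
# 2 when INSTALLED is empty.
# Assumption: GNU `sort -V` stands in for RPM's own comparison. The two agree
# for builds of the same package stream (e.g. 28.36.amzn1 vs 28.37.amzn1),
# but this is not a full rpmvercmp implementation.
evr_at_least() {
    eal_installed="$1"
    eal_fixed="$2"
    [ -n "$eal_installed" ] || return 2
    eal_lowest=$(printf '%s\n%s\n' "$eal_installed" "$eal_fixed" | sort -V | head -n 1)
    [ "$eal_lowest" = "$eal_fixed" ]
}

# check_bash_build [VERSION-RELEASE]
# With no argument, queries rpm for the installed bash build. If several
# builds are installed (multilib), the oldest one decides the result.
# Exit status: 0 = fixed, 1 = older than the fix, 2 = could not determine.
check_bash_build() {
    cbb_evr="${1:-}"
    if [ -z "$cbb_evr" ]; then
        command -v rpm >/dev/null 2>&1 || { echo "UNKNOWN: rpm not found"; return 2; }
        cbb_evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' bash 2>/dev/null | sort -V | head -n 1)
        [ -n "$cbb_evr" ] || { echo "UNKNOWN: bash is not an installed rpm"; return 2; }
    fi
    if evr_at_least "$cbb_evr" "$FIXED_EVR"; then
        echo "OK: bash $cbb_evr is at or above $FIXED_EVR"
        return 0
    fi
    echo "NOT FIXED: bash $cbb_evr is older than $FIXED_EVR; run: yum update bash"
    return 1
}

# Run the live check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_bash_build
fi
```

Shells that were started before the update keep running the old binary until they exit, so long-lived sessions and services that invoke bash should be restarted after the package is upgraded.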


Affected Package


| OS | OS Version | Package Name | Package Version |
|---|---|---|---|
| Amazon Linux | 1 | bash-doc | 4.2.46-28.37.amzn1 |
| Amazon Linux | 1 | bash | 4.2.46-28.37.amzn1 |
| Amazon Linux | 1 | bash-debuginfo | 4.2.46-28.37.amzn1 |
| Amazon Linux | 1 | bash | 4.2.46-28.37.amzn1 |
| Amazon Linux | 1 | bash-debuginfo | 4.2.46-28.37.amzn1 |
| Amazon Linux | 1 | bash | 4.2.46-28.37.amzn1 |
| Amazon Linux | 1 | bash-doc | 4.2.46-28.37.amzn1 |
