ksh security update

ID CESA-2020:0568
Type centos
Reporter CentOS Project
Modified 2020-02-26T17:14:16


CentOS Errata and Security Advisory CESA-2020:0568

KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992).

Security Fix(es):

  • ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2020-February/035647.html

Affected packages: ksh

Upstream details at: