logo
DATABASE RESOURCES PRICING ABOUT US

Updated bash packages fix security vulnerability

Description

A vulnerability was found in a way bash expands the $HOSTNAME. Injecting the hostname with malicious code would cause it to run each time bash expanded \h in the prompt string (CVE-2016-0634). Shells running as root inherited PS4 from the environment, allowing PS4 expansion performing command substitution. Local attacker could gain arbitrary code execution via bogus setuid binaries using system()/popen() by specially crafting SHELLOPTS+PS4 environment variables (CVE-2016-7543)


Affected Package


OS OS Version Package Name Package Version
Mageia 5 bash 4.3-48.2

Related