Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 452
Alerts This Week
Warning Icon 1 452

Fedora 23: 2016-f15168439d Critical: Bash Code Execution Bug

fedora
Calendar Grey October 13, 2016
Dist Fedora Esm H88
Tailored SHELLOPTS and PS4 settings can lead to vulnerabilities in script execution. It is essential to apply updates to alleviate this significant risk in bash.
Specially crafted SHELLOPTS and PS4 variables can cause arbitrary code execution

Summary

The GNU Bourne Again shell (Bash) is a shell or command language

interpreter that is compatible with the Bourne shell (sh). Bash

incorporates useful features from the Korn shell (ksh) and the C shell

(csh). Most sh scripts can be run by bash without modification.

Update Information:

Specially crafted SHELLOPTS and PS4 variables can cause arbitrary code execution. It is a security bug described in CVE-2016-7543 and this update fixes it.

Change Log

References


[ 1 ] Bug #1379634 - CVE-2016-7543 bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1379634

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update bash' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: bash
Product: Fedora 23
Version: 4.3.42
Release: 5.fc23
Summary: The GNU Bourne Again shell

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.