Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 494
Alerts This Week
Warning Icon 1 494

Fedora 25 Bash Update: Important Fix for Code Execution Vulnerability

fedora
Calendar Grey October 9, 2016
Dist Fedora Esm H88
An important patch for Fedora 25 has been released to fix a serious vulnerability that could enable unauthorized code execution through SHELLOPTS environment variables.
Specially crafted SHELLOPTS and PS4 variables can cause arbitrary code execution

Summary

The GNU Bourne Again shell (Bash) is a shell or command language

interpreter that is compatible with the Bourne shell (sh). Bash

incorporates useful features from the Korn shell (ksh) and the C shell

(csh). Most sh scripts can be run by bash without modification.

Update Information:

Specially crafted SHELLOPTS and PS4 variables can cause arbitrary code execution. It is a security bug described in CVE-2016-7543 and this update fixes it.

Change Log

References


[ 1 ] Bug #1379634 - CVE-2016-7543 bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1379634

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update bash' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: bash
Product: Fedora 25
Version: 4.3.43
Release: 4.fc25
URL:
Summary: The GNU Bourne Again shell

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.