Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 561
Alerts This Week
Warning Icon 1 561

Red Hat Enterprise Linux 5 RHSA-2011:1073-01 Low: Bash Security Problem

red hat
Calendar Grey July 21, 2011
Scroller Redhat Esm H88
Ubuntu patches shell to address vulnerabilities and enhance stability; minimal risk notice for Ubuntu Server OS.
An updated bash package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

Summary

Bash is the default shell for Red Hat Enterprise Linux.
It was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the scripts. (CVE-2008-5374)
This update fixes the following bugs:
* When using the source builtin at location ".", occasionally, bash opted to preserve internal consistency and abort scripts. This caused bash to abort scripts that assigned values to read-only variables. This is now fixed to ensure that such scripts are now executed as written and not aborted. (BZ#448508)
* When the tab key was pressed for auto-completion options for the typed text, the cursor moved to an unexpected position on a previous line if the prompt contained characters that cannot be viewed and a "\]". This is now fixed to retain the cursor at the expected position at the end of the target line after autocomplete options correctly display. (BZ#463880)
* Bash attempted to interpret the NOBITS .dynamic section of the ELF header. This resulted in a "^D: bad ELF interpreter: No such file or directory" message. This is fixed to ensure that the invalid "^D" does not appear in the error message. (BZ#484809)
* The $RANDOM variable in Bash carried over values from a previous execution for later jobs. This is fixed and the $RANDOM variable generates a new random number for each use. (BZ#492908)
* When Bash ran a shell script with an embedded null character, bash's source builtin parsed the script incorrectly. This is fixed and bash's source builtin correctly parses shell script null characters. (BZ#503701)
* The bash manual page for "trap" did not mention that signals ignored upon entry cannot be listed later. The manual page was updated for this update and now specifically notes that "Signals ignored upon entry to the shell cannot be trapped, reset or listed". (BZ#504904)
* Bash's readline incorrectly displayed additional text when resizing the terminal window when text spanned more than one line, which caused incorrect display output. This is now fixed to ensure that text in more than one line in a resized window displays as expected. (BZ#525474)
* Previously, bash incorrectly displayed "Broken pipe" messages for builtins like "echo" and "printf" when output did not succeed due to EPIPE. This is fixed to ensure that the unnecessary "Broken pipe" messages no longer display. (BZ#546529)
* Inserts with the repeat function were not possible after a deletion in vi-mode. This has been corrected and, with this update, the repeat function works as expected after a deletion. (BZ#575076)
* In some situations, bash incorrectly appended "/" to files instead of just directories during tab-completion, causing incorrect auto-completions. This is fixed and auto-complete appends "/" only to directories. (BZ#583919)
* Bash had a memory leak in the "read" builtin when the number of fields being read was not equal to the number of variables passed as arguments, causing a shell script crash. This is fixed to prevent a memory leak and shell script crash. (BZ#618393)
* /usr/share/doc/bash-3.2/loadables in the bash package contained source files which would not build due to missing C header files. With this update, the unusable (and unbuildable) source files were removed from the package. (BZ#663656)
This update also adds the following enhancement:
* The system-wide "/etc/bash.bash_logout" bash logout file is now enabled. This allows administrators to write system-wide logout actions for all users. (BZ#592979)
Users of bash are advised to upgrade to this updated package, which contains backported patches to resolve these issues and add this enhancement.

References

https://access.redhat.com/security/cve/CVE-2008-5374 https://access.redhat.com/security/updates/classification#low

Package List

Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
i386: bash-3.2-32.el5.i386.rpm bash-debuginfo-3.2-32.el5.i386.rpm
x86_64: bash-3.2-32.el5.x86_64.rpm bash-debuginfo-3.2-32.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
i386: bash-3.2-32.el5.i386.rpm bash-debuginfo-3.2-32.el5.i386.rpm
ia64: bash-3.2-32.el5.i386.rpm bash-3.2-32.el5.ia64.rpm bash-debuginfo-3.2-32.el5.i386.rpm bash-debuginfo-3.2-32.el5.ia64.rpm
ppc: bash-3.2-32.el5.ppc.rpm bash-debuginfo-3.2-32.el5.ppc.rpm
s390x: bash-3.2-32.el5.s390x.rpm bash-debuginfo-3.2-32.el5.s390x.rpm
x86_64: bash-3.2-32.el5.x86_64.rpm bash-debuginfo-3.2-32.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package


Severity
low
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2011:1073-01
Product: Red Hat Enterprise Linux
Issue date: 2011-07-21

Topic

An updated bash package that fixes one security issue, several bugs, andadds one enhancement is now available for Red Hat Enterprise Linux 5.The Red Hat Security Response Team has rated this update as having lowsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available from the CVE link inthe References section.

Relevant Releases Architectures

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

Bugs Fixed

448508 - Parsing of {} broken; breaks startup scripts

463880 - bash completion in UTF8 locale has cursor positioning errors with long $PS1

475474 - CVE-2008-5374 bash: Insecure temporary file use in aliasconv.sh, aliasconv.bash, cshtobash (symlink attack)

484809 - [RHEL5] bash includes Control-D in "bad ELF interpreter" message

492908 - $RANDOM value remains the same

503701 - Cannot process scripts beyond an embedded NULL character when running in 'source' mode

504904 - trap -p not displaying ignored signal when run from child bash

525474 - bash/readline not detecting window resize properly

583919 - tab-completion appends slash to non-directories

592979 - system global bash.bash_logout is diabled in config-top.h

618393 - memory leak in bash reading files

663656 - Unusable loadables in /doc

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.