
SUSE: 2024:2756-1 Important: Ksh Code Injection and Segfault Fixes

August 5, 2024
This SUSE update for ksh fixes a code injection vulnerability and a segmentation fault, along with a process-spawning fix, through several patches.

Summary

## This update for ksh fixes the following issues:

* CVE-2019-14868: Fixed code injection due to environment variables on startup being interpreted as an arithmetic expression (bsc#1160796)

Other fixes:

- do not use posix_spawn as it lacks proper job handling (bsc#1224057)
- fix segfault in variable substitution (bsc#1129288)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* Legacy Module 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2024-2756=1
* SUSE Linux Enterprise Software Development Kit 12 SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-2756=1

## Package List:

* Legacy Module 12 (aarch64 ppc64le s390x x86_64)
  * ksh-debuginfo-93vu-19.3.2
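The root cause summarised above, an environment-supplied value being evaluated as an arithmetic expression, is a hazard in ordinary shell scripts as well, not only in the ksh startup path. The following POSIX sh script is an added example written for this page; it is not code from the advisory, from SUSE, or from ksh. It shows the defensive pattern: reject anything that is not a plain decimal integer before the value is allowed anywhere near `$(( ))`. The variable names `RETRY_BASE_MS` and `RETRY_COUNT` and the default values are assumptions made up for the demo.

```shell
#!/bin/sh
# Added example, not code from the SUSE advisory or from ksh itself.
# CVE-2019-14868 arose because a value taken from the environment at startup was
# evaluated as an arithmetic expression. The same hazard exists in any shell
# script that hands an unchecked variable to $(( )): in ksh and bash, arithmetic
# evaluation expands array subscripts found in the value, and a subscript may in
# turn contain a command substitution. The guard below admits only plain decimal
# integers, so nothing else ever reaches the arithmetic expansion.
# Variable names and defaults are assumptions made up for this demo.

# is_integer VALUE: succeed only for an optionally signed decimal integer.
is_integer() {
    v=$1
    case "$v" in
        [+-]*) v=${v#?} ;;          # drop a single leading sign
    esac
    case "$v" in
        ''|*[!0-9]*) return 1 ;;    # empty, or something other than digits remains
        *) return 0 ;;
    esac
}

# int_or_default VALUE DEFAULT: print VALUE if it is a plain integer, else DEFAULT.
# Untrusted input is only ever compared as a string; it is never evaluated.
int_or_default() {
    if is_integer "$1"; then
        printf '%s\n' "$1"
    else
        printf '%s\n' "$2"
    fi
}

# retry_budget_ms BASE RETRIES: total retry budget in milliseconds, computed
# only from values that passed is_integer. Bad input falls back to the defaults
# (100 ms, 3 retries) instead of being interpreted by the shell.
retry_budget_ms() {
    base=$(int_or_default "$1" 100)
    retries=$(int_or_default "$2" 3)
    printf '%s\n' "$(( base * retries ))"
}

# Demo: read two hypothetical environment variables. Run with e.g.
#   RETRY_BASE_MS=250 RETRY_COUNT=4 sh guard.sh      -> retry budget: 1000 ms
#   RETRY_BASE_MS='x[1]' RETRY_COUNT=4 sh guard.sh   -> retry budget: 400 ms (base rejected)
printf 'retry budget: %s ms\n' \
    "$(retry_budget_ms "${RETRY_BASE_MS-}" "${RETRY_COUNT-}")"
```

The check is deliberately a string match rather than a numeric test such as `[ "$v" -eq "$v" ]`, because in some shells the numeric test itself evaluates its operands; a `case` pattern never does. Rejected values are replaced by a default rather than echoed back, so a malformed value cannot reach a later expansion through an error message either.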

References

* bsc#1129288

* bsc#1160796

* bsc#1224057

Cross-References:

* CVE-2019-14868

CVSS scores:

* CVE-2019-14868 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2019-14868 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Legacy Module 12

* SUSE Linux Enterprise High Performance Computing 12 SP2

* SUSE Linux Enterprise High Performance Computing 12 SP3

* SUSE Linux Enterprise High Performance Computing 12 SP4

* SUSE Linux Enterprise High Performance Computing 12 SP5

* SUSE Linux Enterprise Server 12

* SUSE Linux Enterprise Server 12 SP1

* SUSE Linux Enterprise Server 12 SP2

* SUSE Linux Enterprise Server 12 SP3

* SUSE Linux Enterprise Server 12 SP4

* SUSE Linux Enterprise Server 12 SP5

* SUSE Linux Enterprise Server for SAP Applications 12

Severity: important

Announcement ID: SUSE-SU-2024:2756-1
Rating: important
