
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Red Hat Enterprise Linux 7.6 RHSA-2020-3474-01 Moderate: Bash Update

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: bash security update
Advisory ID: RHSA-2020:3474-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3474
Issue date: 2020-08-18
CVE Names: CVE-2019-9924
=====================================================================

1. Summary:

An update for bash is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.

Security Fix(es):

* bash: BASH_CMD is writable in restricted bash shells (CVE-2019-9924)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1691774 - CVE-2019-9924 bash: BASH_CMD is writable in restricted bash shells

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):
Source: bash-4.2.46-32.el7_6.src.rpm
x86_64: bash-4.2.46-32.el7_6.x86_64.rpm bash-debuginfo-4.2.46-32.el7_6.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):
x86_64: bash-debuginfo-4.2.46-32.el7_6.x86_64.rpm bash-doc-4.2.46-32.el7_6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: bash-4.2.46-32.el7_6.src.rpm
ppc64: bash-4.2.46-32.el7_6.ppc64.rpm bash-debuginfo-4.2.46-32.el7_6.ppc64.rpm
ppc64le: bash-4.2.46-32.el7_6.ppc64le.rpm bash-debuginfo-4.2.46-32.el7_6.ppc64le.rpm
s390x: bash-4.2.46-32.el7_6.s390x.rpm bash-debuginfo-4.2.46-32.el7_6.s390x.rpm
x86_64: bash-4.2.46-32.el7_6.x86_64.rpm bash-debuginfo-4.2.46-32.el7_6.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: bash-4.2.46-32.el7_6.src.rpm
aarch64: bash-4.2.46-32.el7_6.aarch64.rpm bash-debuginfo-4.2.46-32.el7_6.aarch64.rpm
ppc64le: bash-4.2.46-32.el7_6.ppc64le.rpm bash-debuginfo-4.2.46-32.el7_6.ppc64le.rpm
s390x: bash-4.2.46-32.el7_6.s390x.rpm bash-debuginfo-4.2.46-32.el7_6.s390x.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.6):
ppc64: bash-debuginfo-4.2.46-32.el7_6.ppc64.rpm bash-doc-4.2.46-32.el7_6.ppc64.rpm
ppc64le: bash-debuginfo-4.2.46-32.el7_6.ppc64le.rpm bash-doc-4.2.46-32.el7_6.ppc64le.rpm
s390x: bash-debuginfo-4.2.46-32.el7_6.s390x.rpm bash-doc-4.2.46-32.el7_6.s390x.rpm
x86_64: bash-debuginfo-4.2.46-32.el7_6.x86_64.rpm bash-doc-4.2.46-32.el7_6.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: bash-debuginfo-4.2.46-32.el7_6.aarch64.rpm bash-doc-4.2.46-32.el7_6.aarch64.rpm
ppc64le: bash-debuginfo-4.2.46-32.el7_6.ppc64le.rpm bash-doc-4.2.46-32.el7_6.ppc64le.rpm
s390x: bash-debuginfo-4.2.46-32.el7_6.s390x.rpm bash-doc-4.2.46-32.el7_6.s390x.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-9924
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--
RHSA-announce mailing list

A critical software patch has been released for Red Hat Enterprise Linux 7.6 concerning bash vulnerabilities identified as CVE-2019-9924. Further information can be found within.

Keywords: RedHat Linux, bash security update, CVE-2019-9924, enterprise security, system update.

Severity: Important.

LinuxSecurity.com Team

Aug 18, 2020 Important Red Hat

Scientific Linux SL7: SLSA-2020:1113-1 Moderate: bash Command Issue

Synopsis: Moderate: bash security update
Advisory ID: SLSA-2020:1113-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2019-9924
--

* bash: BASH_CMD is writable in restricted bash shells
--

SL7
x86_64: bash-4.2.46-34.el7.x86_64.rpm bash-debuginfo-4.2.46-34.el7.x86_64.rpm bash-doc-4.2.46-34.el7.x86_64.rpm

- Scientific Linux Development Team

In environments with limited shell access on Scientific Linux SL7 x86_64, manage the writable BASH_CMD feature to mitigate command execution risks and boost security.

Keywords: bash update, Scientific Linux, security advisory, restricted shell.

Severity: Important.

LinuxSecurity.com Team

Apr 20, 2020 Important Scientific Linux

Red Hat Enterprise Linux 7: RHSA-2020-1113-01 Moderate Bash Security Fix

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: bash security update
Advisory ID: RHSA-2020:1113-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1113
Issue date: 2020-03-31
CVE Names: CVE-2019-9924
=====================================================================

1. Summary:

An update for bash is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.

Security Fix(es):

* bash: BASH_CMD is writable in restricted bash shells (CVE-2019-9924)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1691774 - CVE-2019-9924 bash: BASH_CMD is writable in restricted bash shells

6. Package List:

Red Hat Enterprise Linux Client (v. 7):
Source: bash-4.2.46-34.el7.src.rpm
x86_64: bash-4.2.46-34.el7.x86_64.rpm bash-debuginfo-4.2.46-34.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: bash-debuginfo-4.2.46-34.el7.x86_64.rpm bash-doc-4.2.46-34.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):
Source: bash-4.2.46-34.el7.src.rpm
x86_64: bash-4.2.46-34.el7.x86_64.rpm bash-debuginfo-4.2.46-34.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: bash-debuginfo-4.2.46-34.el7.x86_64.rpm bash-doc-4.2.46-34.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: bash-4.2.46-34.el7.src.rpm
ppc64: bash-4.2.46-34.el7.ppc64.rpm bash-debuginfo-4.2.46-34.el7.ppc64.rpm
ppc64le: bash-4.2.46-34.el7.ppc64le.rpm bash-debuginfo-4.2.46-34.el7.ppc64le.rpm
s390x: bash-4.2.46-34.el7.s390x.rpm bash-debuginfo-4.2.46-34.el7.s390x.rpm
x86_64: bash-4.2.46-34.el7.x86_64.rpm bash-debuginfo-4.2.46-34.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: bash-debuginfo-4.2.46-34.el7.ppc64.rpm bash-doc-4.2.46-34.el7.ppc64.rpm
ppc64le: bash-debuginfo-4.2.46-34.el7.ppc64le.rpm bash-doc-4.2.46-34.el7.ppc64le.rpm
s390x: bash-debuginfo-4.2.46-34.el7.s390x.rpm bash-doc-4.2.46-34.el7.s390x.rpm
x86_64: bash-debuginfo-4.2.46-34.el7.x86_64.rpm bash-doc-4.2.46-34.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):
Source: bash-4.2.46-34.el7.src.rpm
x86_64: bash-4.2.46-34.el7.x86_64.rpm bash-debuginfo-4.2.46-34.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: bash-debuginfo-4.2.46-34.el7.x86_64.rpm bash-doc-4.2.46-34.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-9924
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--
RHSA-announce mailing list

An important bash security update for Red Hat Enterprise Linux 7 has been released, rated Moderate. Take steps to mitigate vulnerabilities effectively:

Keywords: Red Hat Advisory, bash Security Update, Linux Security Update.

Severity: Important.

LinuxSecurity.com Team

Mar 31, 2020 Important Red Hat

Slackware 14.1: SSA:2014-272-01 Critical: Bash Security Update

[slackware-security] bash (SSA:2014-272-01)

New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/bash-4.2.050-i486-1_slack14.1.txz: Upgraded.
  Another bash update. Here's some information included with the patch:
    "This patch changes the encoding bash uses for exported functions to avoid clashes with shell variables and to avoid depending only on an environment variable's contents to determine whether or not to interpret it as a shell function."
  After this update, an environment variable will not go through the parser unless it follows this naming structure: BASH_FUNC_*%%
  Most scripts never expected to import functions from environment variables, so this change (although not backwards compatible) is not likely to break many existing scripts. It will, however, close off access to the parser as an attack surface in the vast majority of cases. There's already another vulnerability similar to CVE-2014-6271 for which there is not yet a fix, but this hardening patch prevents it (and likely many more similar ones).
  Thanks to Florian Weimer and Chet Ramey.
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 13.0:
Updated package for Slackware x86_64 13.0:
Updated package for Slackware 13.1:
Updated package for Slackware x86_64 13.1:
Updated package for Slackware 13.37:
Updated package for Slackware x86_64 13.37:
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg bash-4.2.050-i486-1_slack14.1.txz

+-----+

Recent updates to Bash packages in Slackware tackle a significant security vulnerability, providing enhanced protection and improved features for users.

Keywords: Bash Security Patch, Slackware Update, Software Security Fix.

Severity: Critical.

LinuxSecurity.com Team

Sep 29, 2014 Critical Slackware

Red Hat Enterprise Linux Bash Update: Important Command Injection Fix

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bash security update
Advisory ID: RHSA-2014:1311-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2014:1311.html
Issue date: 2014-09-26
CVE Names: CVE-2014-7169 CVE-2014-7186 CVE-2014-7187
=====================================================================

1. Summary:

Updated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, x86_64
Red Hat Enterprise Linux AUS (v. 6.2 server) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux ES (v. 4 ELS) - i386, x86_64
Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux LL (v. 5.6 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64

3. Description:

The GNU Bourne Again shell (Bash) is a shell and command language interpreter compatible with the Bourne shell (sh). Bash is the default shell for Red Hat Enterprise Linux.

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-7169)

Applications which directly create Bash functions as environment variables need to be made aware of the changes to the way names are handled by this update. For more information see the Knowledgebase article at https://access.redhat.com/articles/1200223

Note: Docker users are advised to use "yum update" within their containers, and to commit the resulting changes.

For additional information on CVE-2014-6271 and CVE-2014-7169, refer to the aforementioned Knowledgebase article.

All bash users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1146319 - CVE-2014-7169 bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271)

6. Package List:

Red Hat Enterprise Linux AS (v. 4 ELS):
Source: bash-3.0-27.el4.4.src.rpm
i386: bash-3.0-27.el4.4.i386.rpm bash-debuginfo-3.0-27.el4.4.i386.rpm
ia64: bash-3.0-27.el4.4.i386.rpm bash-3.0-27.el4.4.ia64.rpm bash-debuginfo-3.0-27.el4.4.i386.rpm bash-debuginfo-3.0-27.el4.4.ia64.rpm
x86_64: bash-3.0-27.el4.4.x86_64.rpm bash-debuginfo-3.0-27.el4.4.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4 ELS):
Source: bash-3.0-27.el4.4.src.rpm
i386: bash-3.0-27.el4.4.i386.rpm bash-debuginfo-3.0-27.el4.4.i386.rpm
x86_64: bash-3.0-27.el4.4.x86_64.rpm bash-debuginfo-3.0-27.el4.4.x86_64.rpm

Red Hat Enterprise Linux LL (v. 5.6 server):
Source: bash-3.2-24.el5_6.2.src.rpm
i386: bash-3.2-24.el5_6.2.i386.rpm bash-debuginfo-3.2-24.el5_6.2.i386.rpm
ia64: bash-3.2-24.el5_6.2.i386.rpm bash-3.2-24.el5_6.2.ia64.rpm bash-debuginfo-3.2-24.el5_6.2.i386.rpm bash-debuginfo-3.2-24.el5_6.2.ia64.rpm
x86_64: bash-3.2-24.el5_6.2.x86_64.rpm bash-debuginfo-3.2-24.el5_6.2.x86_64.rpm

Red Hat Enterprise Linux EUS (v. 5.9 server):
Source: bash-3.2-32.el5_9.3.src.rpm
i386: bash-3.2-32.el5_9.3.i386.rpm bash-debuginfo-3.2-32.el5_9.3.i386.rpm
ia64: bash-3.2-32.el5_9.3.i386.rpm bash-3.2-32.el5_9.3.ia64.rpm bash-debuginfo-3.2-32.el5_9.3.i386.rpm bash-debuginfo-3.2-32.el5_9.3.ia64.rpm
ppc: bash-3.2-32.el5_9.3.ppc.rpm bash-debuginfo-3.2-32.el5_9.3.ppc.rpm
s390x: bash-3.2-32.el5_9.3.s390x.rpm bash-debuginfo-3.2-32.el5_9.3.s390x.rpm
x86_64: bash-3.2-32.el5_9.3.x86_64.rpm bash-debuginfo-3.2-32.el5_9.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node EUS (v. 6.4):
Source: bash-4.1.2-15.el6_4.2.src.rpm
x86_64: bash-4.1.2-15.el6_4.2.x86_64.rpm bash-debuginfo-4.1.2-15.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4):
Source: bash-4.1.2-15.el6_4.2.src.rpm
x86_64: bash-debuginfo-4.1.2-15.el6_4.2.x86_64.rpm bash-doc-4.1.2-15.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux AUS (v. 6.2 server):
Source: bash-4.1.2-9.el6_2.2.src.rpm
x86_64: bash-4.1.2-9.el6_2.2.x86_64.rpm bash-debuginfo-4.1.2-9.el6_2.2.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.4):
Source: bash-4.1.2-15.el6_4.2.src.rpm
i386: bash-4.1.2-15.el6_4.2.i686.rpm bash-debuginfo-4.1.2-15.el6_4.2.i686.rpm
ppc64: bash-4.1.2-15.el6_4.2.ppc64.rpm bash-debuginfo-4.1.2-15.el6_4.2.ppc64.rpm
s390x: bash-4.1.2-15.el6_4.2.s390x.rpm bash-debuginfo-4.1.2-15.el6_4.2.s390x.rpm
x86_64: bash-4.1.2-15.el6_4.2.x86_64.rpm bash-debuginfo-4.1.2-15.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.2):
Source: bash-4.1.2-9.el6_2.2.src.rpm
x86_64: bash-debuginfo-4.1.2-9.el6_2.2.x86_64.rpm bash-doc-4.1.2-9.el6_2.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.4):
Source: bash-4.1.2-15.el6_4.2.src.rpm
i386: bash-debuginfo-4.1.2-15.el6_4.2.i686.rpm bash-doc-4.1.2-15.el6_4.2.i686.rpm
ppc64: bash-debuginfo-4.1.2-15.el6_4.2.ppc64.rpm bash-doc-4.1.2-15.el6_4.2.ppc64.rpm
s390x: bash-debuginfo-4.1.2-15.el6_4.2.s390x.rpm bash-doc-4.1.2-15.el6_4.2.s390x.rpm
x86_64: bash-debuginfo-4.1.2-15.el6_4.2.x86_64.rpm bash-doc-4.1.2-15.el6_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2014-7169
https://access.redhat.com/security/cve/CVE-2014-7186
https://access.redhat.com/security/cve/CVE-2014-7187
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/1200223

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

--
Enterprise-watch-list mailing list

Crucial update released for bash on Red Hat Enterprise Linux addresses vulnerabilities related to command injection. Update recommended.

Keywords: bash Security Update, Red Hat Linux Advisory, Command Injection Patch.

Severity: Important.

LinuxSecurity.com Team

Sep 26, 2014 Important Red Hat

Red Hat Enterprise Linux 4: RHSA-2011:0261-01 Low: Bash Security Issue

=====================================================================
Red Hat Security Advisory

Synopsis: Low: bash security and bug fix update
Advisory ID: RHSA-2011:0261-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2011:0261.html
Issue date: 2011-02-16
CVE Names: CVE-2008-5374
=====================================================================

1. Summary:

Updated bash packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Bash (Bourne-again shell) is the default shell for Red Hat Enterprise Linux.

It was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the scripts. (CVE-2008-5374)

This update also fixes the following bugs:

* If a child process's PID was the same as the PID of a previously ended child process, Bash did not wait for that child process. In some cases this caused "Resource temporarily unavailable" errors. With this update, Bash recycles PIDs and waits for processes with recycled PIDs. (BZ#521134)

* Bash's built-in "read" command had a memory leak when "read" failed due to no input (pipe for stdin). With this update, the memory is correctly freed. (BZ#537029)

* Bash did not correctly check for a valid multi-byte string when setting the IFS value, causing Bash to crash. With this update, Bash checks the multi-byte string and no longer crashes. (BZ#539536)

* Bash incorrectly set locale settings when using the built-in "export" command and setting the locale on the same line (for example, with "LC_ALL=C export LC_ALL"). With this update, Bash correctly sets locale settings. (BZ#539538)

All bash users should upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

475474 - CVE-2008-5374 bash: Insecure temporary file use in aliasconv.sh, aliasconv.bash, cshtobash (symlink attack)
521134 - Bash doesn't wait for backgrounded process if its PID is recycled

6. Package List:

Red Hat Enterprise Linux AS version 4:
Source:
i386: bash-3.0-27.el4.i386.rpm bash-debuginfo-3.0-27.el4.i386.rpm
ia64: bash-3.0-27.el4.i386.rpm bash-3.0-27.el4.ia64.rpm bash-debuginfo-3.0-27.el4.i386.rpm bash-debuginfo-3.0-27.el4.ia64.rpm
ppc: bash-3.0-27.el4.ppc.rpm bash-debuginfo-3.0-27.el4.ppc.rpm
s390: bash-3.0-27.el4.s390.rpm bash-debuginfo-3.0-27.el4.s390.rpm
s390x: bash-3.0-27.el4.s390x.rpm bash-debuginfo-3.0-27.el4.s390x.rpm
x86_64: bash-3.0-27.el4.x86_64.rpm bash-debuginfo-3.0-27.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:
Source:
i386: bash-3.0-27.el4.i386.rpm bash-debuginfo-3.0-27.el4.i386.rpm
x86_64: bash-3.0-27.el4.x86_64.rpm bash-debuginfo-3.0-27.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:
Source:
i386: bash-3.0-27.el4.i386.rpm bash-debuginfo-3.0-27.el4.i386.rpm
ia64: bash-3.0-27.el4.i386.rpm bash-3.0-27.el4.ia64.rpm bash-debuginfo-3.0-27.el4.i386.rpm bash-debuginfo-3.0-27.el4.ia64.rpm
x86_64: bash-3.0-27.el4.x86_64.rpm bash-debuginfo-3.0-27.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:
Source:
i386: bash-3.0-27.el4.i386.rpm bash-debuginfo-3.0-27.el4.i386.rpm
ia64: bash-3.0-27.el4.i386.rpm bash-3.0-27.el4.ia64.rpm bash-debuginfo-3.0-27.el4.i386.rpm bash-debuginfo-3.0-27.el4.ia64.rpm
x86_64: bash-3.0-27.el4.x86_64.rpm bash-debuginfo-3.0-27.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2008-5374
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

--
Enterprise-watch-list mailing list

New bash updates resolve a specific security vulnerability alongside various low-impact bugs for Red Hat Enterprise Linux 4.

Keywords: bash update, Red Hat advisory, security updates for linux.

Severity: Low.

LinuxSecurity.com Team

Feb 16, 2011 Low Red Hat