Stay Secure with the Latest Linux Advisories

security advisoryFedoracode injection

Fedora 31: FEDORA-2020-d940aca772 Critical: Ksh Env Var Vulnerability

Do not evaluate arithmetic expressions from environment variables at startup. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-d940aca772 2020-02-16 01:29:39.329571 --------------------------------------------------------------------------------Name : ksh Product : Fedora 31 Version : 2020.0.0 Release : 2.fc31 URL : http://www.kornshell.com/ Summary : The Original ATT Korn Shell Description : KornShell is a shell programming language, which is upward compatible with "sh" (the Bourne Shell). --------------------------------------------------------------------------------Update Information: Do not evaluate arithmetic expressions from environment variables at startup --------------------------------------------------------------------------------ChangeLog: * Fri Feb 7 2020 Siteshwar Vashisht - 1:2020.0.0-2 - Do not evaluate arithmetic expressions from environment variables at startup Resolves: #1790549 * Fri Oct 11 2019 Siteshwar Vashisht - 1:2020.0.0-1 - Rebase to 2020.0.0 --------------------------------------------------------------------------------References: [ 1 ] Bug #1790549 - CVE-2019-14868 ksh: environment variables on startup are interpreted as arithmetic expression leading to code injection [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1790549 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-d940aca772' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . The latest Ksh patch for Fedora 31 addresses vulnerabilities in environment variable handling that could allow for potential code execution threats.. Fedora Update, Ksh Kernel, Environment Variable Risk, Shell Security Update, Arithmetic Expression Issue. . Severity: Critical. LinuxSecurity.com Team

Feb 15, 2020 •Critical Fedora