Security update for bash
| Announcement ID: | SUSE-SU-2018:1398-2 |
|---|---|
| Rating: | moderate |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves two vulnerabilities and has one security fix can now be installed.
Description:
This update for bash fixes the following issues:
Security issues fixed:
- CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed (bsc#1001299)
- CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396)
Non-security issues fixed:
- Fix repeating self-calling of traps due the combination of a non-interactive shell, a trap handler for SIGINT, an external process in the trap handler, and a SIGINT within the trap after the external process runs. (bsc#1086247)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-977=1 -
SUSE Linux Enterprise Server 12 SP2 ESPOS 12-SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-ESPOS-2018-977=1
Package List:
-
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
- libreadline6-32bit-6.3-83.10.1
- bash-debuginfo-4.3-83.10.1
- bash-debugsource-4.3-83.10.1
- libreadline6-debuginfo-32bit-6.3-83.10.1
- libreadline6-debuginfo-6.3-83.10.1
- libreadline6-6.3-83.10.1
- bash-4.3-83.10.1
-
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch)
- readline-doc-6.3-83.10.1
- bash-doc-4.3-83.10.1
-
SUSE Linux Enterprise Server 12 SP2 ESPOS 12-SP2 (x86_64)
- libreadline6-32bit-6.3-83.10.1
- bash-debuginfo-4.3-83.10.1
- bash-debugsource-4.3-83.10.1
- libreadline6-debuginfo-32bit-6.3-83.10.1
- libreadline6-debuginfo-6.3-83.10.1
- libreadline6-6.3-83.10.1
- bash-4.3-83.10.1
-
SUSE Linux Enterprise Server 12 SP2 ESPOS 12-SP2 (noarch)
- readline-doc-6.3-83.10.1
- bash-doc-4.3-83.10.1