UbuntuUpdates.org

Package "bash"

Name: bash

Description:

GNU Bourne Again SHell

Latest version: 4.2-2ubuntu2.9
Release: precise (12.04)
Level: security
Repository: main
Homepage: http://tiswww.case.edu/php/chet/bash/bashtop.html

Links


Download "bash"


Other versions of "bash" in Precise

Repository Area Version
base main 4.2-2ubuntu2
base universe 4.2-2ubuntu2
security universe 4.2-2ubuntu2.9
updates main 4.2-2ubuntu2.9
updates universe 4.2-2ubuntu2.9

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.2-2ubuntu2.9 2021-05-03 14:07:14 UTC

  bash (4.2-2ubuntu2.9) precise-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/CVE-2012-6711.patch: making u32cconv() return
      the number of bytes instead a negative value in
      lib/sh/unicode.c
    - CVE-2012-6711

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 08 Nov 2019 09:46:02 -0300

Source diff to previous version
CVE-2012-6711 A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment

Version: 4.2-2ubuntu2.6 2014-10-09 13:06:41 UTC

  bash (4.2-2ubuntu2.6) precise-security; urgency=medium

  * SECURITY UPDATE: incorrect function definition parsing with
    here-document delimited by end-of-file
    - debian/patches/CVE-2014-6277.diff: properly handle closing delimiter
      in bash/copy_cmd.c, bash/make_cmd.c.
    - CVE-2014-6277
  * SECURITY UPDATE: incorrect function definition parsing via nested
    command substitutions
    - debian/patches/CVE-2014-6278.diff: properly handle certain parsing
      attempts in bash/builtins/evalstring.c, bash/parse.y, bash/shell.h.
    - CVE-2014-6278
  * Updated patches with official upstream versions:
    - debian/patches/CVE-2014-6271.diff
    - debian/patches/CVE-2014-7169.diff
    - debian/patches/variables-affix.diff
    - debian/patches/CVE-2014-718x.diff
 -- Marc Deslauriers <email address hidden> Tue, 07 Oct 2014 11:05:06 -0400

Source diff to previous version
CVE-2014-6277 GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to
CVE-2014-6278 GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to
CVE-2014-6271 GNU Bash through 4.3 processes trailing strings after function ...
CVE-2014-7169 GNU Bash through 4.3 bash43-025 processes trailing strings after ...

Version: 4.2-2ubuntu2.5 2014-09-27 10:06:43 UTC

  bash (4.2-2ubuntu2.5) precise-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds memory access
    - debian/patches/CVE-2014-718x.diff: guard against overflow and fix
      off-by-one in bash/parse.y.
    - CVE-2014-7186
    - CVE-2014-7187
  * SECURITY IMPROVEMENT: use prefixes and suffixes for function exports
    - debian/patches/variables-affix.diff: add prefixes and suffixes in
      bash/variables.c.
 -- Marc Deslauriers <email address hidden> Fri, 26 Sep 2014 13:27:53 -0400

Source diff to previous version

Version: 4.2-2ubuntu2.3 2014-09-25 23:06:46 UTC

  bash (4.2-2ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: incomplete fix for CVE-2014-6271
    - debian/patches/CVE-2014-7169.diff: fix logic in bash/parse.y.
    - CVE-2014-7169
 -- Marc Deslauriers <email address hidden> Thu, 25 Sep 2014 02:11:10 -0400

Source diff to previous version
CVE-2014-6271 GNU Bash through 4.3 processes trailing strings after function ...
CVE-2014-7169 GNU Bash through 4.3 bash43-025 processes trailing strings after ...

Version: 4.2-2ubuntu2.2 2014-09-24 16:07:20 UTC

  bash (4.2-2ubuntu2.2) precise-security; urgency=medium

  * SECURITY UPDATE: incorrect function parsing
    - debian/patches/CVE-2014-6271.diff: fix function parsing in
      bash/builtins/common.h, bash/builtins/evalstring.c, bash/variables.c.
    - CVE-2014-6271
 -- Marc Deslauriers <email address hidden> Mon, 22 Sep 2014 15:31:07 -0400




About   -   Send Feedback to @ubuntu_updates