Package "bash"
Name: |
bash
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- Bash loadable builtins - headers & examples
- GNU Bourne Again SHell (static version)
|
Latest version: |
4.2-2ubuntu2.9 |
Release: |
precise (12.04) |
Level: |
security |
Repository: |
universe |
Links
Other versions of "bash" in Precise
Packages in group
Deleted packages are displayed in grey.
Changelog
bash (4.2-2ubuntu2.9) precise-security; urgency=medium
* SECURITY UPDATE: Heap-based buffer overflow
- debian/patches/CVE-2012-6711.patch: making u32cconv() return
the number of bytes instead a negative value in
lib/sh/unicode.c
- CVE-2012-6711
-- <email address hidden> (Leonidas S. Barbosa) Fri, 08 Nov 2019 09:46:02 -0300
|
Source diff to previous version |
CVE-2012-6711 |
A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment |
|
bash (4.2-2ubuntu2.6) precise-security; urgency=medium
* SECURITY UPDATE: incorrect function definition parsing with
here-document delimited by end-of-file
- debian/patches/CVE-2014-6277.diff: properly handle closing delimiter
in bash/copy_cmd.c, bash/make_cmd.c.
- CVE-2014-6277
* SECURITY UPDATE: incorrect function definition parsing via nested
command substitutions
- debian/patches/CVE-2014-6278.diff: properly handle certain parsing
attempts in bash/builtins/evalstring.c, bash/parse.y, bash/shell.h.
- CVE-2014-6278
* Updated patches with official upstream versions:
- debian/patches/CVE-2014-6271.diff
- debian/patches/CVE-2014-7169.diff
- debian/patches/variables-affix.diff
- debian/patches/CVE-2014-718x.diff
-- Marc Deslauriers <email address hidden> Tue, 07 Oct 2014 11:05:06 -0400
|
Source diff to previous version |
CVE-2014-6277 |
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to |
CVE-2014-6278 |
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to |
CVE-2014-6271 |
GNU Bash through 4.3 processes trailing strings after function ... |
CVE-2014-7169 |
GNU Bash through 4.3 bash43-025 processes trailing strings after ... |
|
bash (4.2-2ubuntu2.5) precise-security; urgency=medium
* SECURITY UPDATE: out-of-bounds memory access
- debian/patches/CVE-2014-718x.diff: guard against overflow and fix
off-by-one in bash/parse.y.
- CVE-2014-7186
- CVE-2014-7187
* SECURITY IMPROVEMENT: use prefixes and suffixes for function exports
- debian/patches/variables-affix.diff: add prefixes and suffixes in
bash/variables.c.
-- Marc Deslauriers <email address hidden> Fri, 26 Sep 2014 13:27:53 -0400
|
Source diff to previous version |
bash (4.2-2ubuntu2.3) precise-security; urgency=medium
* SECURITY UPDATE: incomplete fix for CVE-2014-6271
- debian/patches/CVE-2014-7169.diff: fix logic in bash/parse.y.
- CVE-2014-7169
-- Marc Deslauriers <email address hidden> Thu, 25 Sep 2014 02:11:10 -0400
|
Source diff to previous version |
CVE-2014-6271 |
GNU Bash through 4.3 processes trailing strings after function ... |
CVE-2014-7169 |
GNU Bash through 4.3 bash43-025 processes trailing strings after ... |
|
bash (4.2-2ubuntu2.2) precise-security; urgency=medium
* SECURITY UPDATE: incorrect function parsing
- debian/patches/CVE-2014-6271.diff: fix function parsing in
bash/builtins/common.h, bash/builtins/evalstring.c, bash/variables.c.
- CVE-2014-6271
-- Marc Deslauriers <email address hidden> Mon, 22 Sep 2014 15:31:07 -0400
|
About
-
Send Feedback to @ubuntu_updates