UbuntuUpdates.org

Package "bash-static"

Name: bash-static

Description:

GNU Bourne Again SHell (static version)

Latest version: 4.2-2ubuntu2.6
Release: precise (12.04)
Level: security
Repository: universe
Head package: bash
Homepage: http://tiswww.case.edu/php/chet/bash/bashtop.html

Links


Download "bash-static"


Other versions of "bash-static" in Precise

Repository Area Version
base universe 4.2-2ubuntu2
updates universe 4.2-2ubuntu2.6
PPA: Mint Upstream 4.3+linuxmint5
PPA: Mint Upstream 4.3+linuxmint5
PPA: Mint Upstream 4.3+linuxmint5
PPA: Mint Upstream 4.3+linuxmint5

Changelog

Version: 4.2-2ubuntu2.6 2014-10-09 13:06:41 UTC

  bash (4.2-2ubuntu2.6) precise-security; urgency=medium

  * SECURITY UPDATE: incorrect function definition parsing with
    here-document delimited by end-of-file
    - debian/patches/CVE-2014-6277.diff: properly handle closing delimiter
      in bash/copy_cmd.c, bash/make_cmd.c.
    - CVE-2014-6277
  * SECURITY UPDATE: incorrect function definition parsing via nested
    command substitutions
    - debian/patches/CVE-2014-6278.diff: properly handle certain parsing
      attempts in bash/builtins/evalstring.c, bash/parse.y, bash/shell.h.
    - CVE-2014-6278
  * Updated patches with official upstream versions:
    - debian/patches/CVE-2014-6271.diff
    - debian/patches/CVE-2014-7169.diff
    - debian/patches/variables-affix.diff
    - debian/patches/CVE-2014-718x.diff
 -- Marc Deslauriers <email address hidden> Tue, 07 Oct 2014 11:05:06 -0400

Source diff to previous version
CVE-2014-6277 GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to
CVE-2014-6278 GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to
CVE-2014-6271 GNU Bash through 4.3 processes trailing strings after function ...
CVE-2014-7169 GNU Bash through 4.3 bash43-025 processes trailing strings after ...

Version: 4.2-2ubuntu2.5 2014-09-27 10:06:43 UTC

  bash (4.2-2ubuntu2.5) precise-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds memory access
    - debian/patches/CVE-2014-718x.diff: guard against overflow and fix
      off-by-one in bash/parse.y.
    - CVE-2014-7186
    - CVE-2014-7187
  * SECURITY IMPROVEMENT: use prefixes and suffixes for function exports
    - debian/patches/variables-affix.diff: add prefixes and suffixes in
      bash/variables.c.
 -- Marc Deslauriers <email address hidden> Fri, 26 Sep 2014 13:27:53 -0400

Source diff to previous version

Version: 4.2-2ubuntu2.3 2014-09-25 23:06:52 UTC

  bash (4.2-2ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: incomplete fix for CVE-2014-6271
    - debian/patches/CVE-2014-7169.diff: fix logic in bash/parse.y.
    - CVE-2014-7169
 -- Marc Deslauriers <email address hidden> Thu, 25 Sep 2014 02:11:10 -0400

Source diff to previous version
CVE-2014-6271 GNU Bash through 4.3 processes trailing strings after function ...
CVE-2014-7169 GNU Bash through 4.3 bash43-025 processes trailing strings after ...

Version: 4.2-2ubuntu2.2 2014-09-24 16:07:20 UTC

  bash (4.2-2ubuntu2.2) precise-security; urgency=medium

  * SECURITY UPDATE: incorrect function parsing
    - debian/patches/CVE-2014-6271.diff: fix function parsing in
      bash/builtins/common.h, bash/builtins/evalstring.c, bash/variables.c.
    - CVE-2014-6271
 -- Marc Deslauriers <email address hidden> Mon, 22 Sep 2014 15:31:07 -0400




About   -   Send Feedback to @ubuntu_updates