Package "bash"
Changelog
bash (4.3-7ubuntu1.7) trusty-security; urgency=medium

  * SECURITY UPDATE: word expansions on the prompt strings (LP: #1507025)
    - debian/patches/bash43-047.diff: add quoting to parse.y, y.tab.c.
    - CVE-2016-0634
  * SECURITY UPDATE: code execution via crafted SHELLOPTS and PS4
    (LP: #1689304)
    - debian/patches/bash43-048.diff: check for root in variables.c.
    - CVE-2016-7543
  * SECURITY UPDATE: restricted shell bypass via use-after-free
    - debian/patches/bash44-006.diff: check for negative offsets in
      builtins/pushd.def.
    - CVE-2016-9401

 -- Marc Deslauriers <email address hidden>  Tue, 16 May 2017 07:52:48 -0400

1507025: Shell Command Injection with the hostname
1689304: Unfixed Code Execution Vulnerability CVE-2016-7543
CVE-2016-0634: bash prompt expanding return value from gethostname()
CVE-2016-7543: Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
CVE-2016-9401: popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

bash (4.3-7ubuntu1.5) trusty-security; urgency=medium

  * SECURITY UPDATE: incorrect function definition parsing with
    here-document delimited by end-of-file
    - debian/patches/CVE-2014-6277.diff: properly handle closing delimiter
      in copy_cmd.c, make_cmd.c.
    - CVE-2014-6277
  * SECURITY UPDATE: incorrect function definition parsing via nested
    command substitutions
    - debian/patches/CVE-2014-6278.diff: properly handle certain parsing
      attempts in builtins/evalstring.c, parse.y, shell.h, y.tab.c.
    - CVE-2014-6278
  * Updated patches with official upstream versions:
    - debian/patches/CVE-2014-6271.diff
    - debian/patches/CVE-2014-7169.diff
    - debian/patches/variables-affix.diff
    - debian/patches/CVE-2014-718x.diff

 -- Marc Deslauriers <email address hidden>  Tue, 07 Oct 2014 10:50:12 -0400

CVE-2014-6277: GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to
CVE-2014-6278: GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to
CVE-2014-6271: GNU Bash through 4.3 processes trailing strings after function ...
CVE-2014-7169: GNU Bash through 4.3 bash43-025 processes trailing strings after ...

bash (4.3-7ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds memory access
    - debian/patches/CVE-2014-718x.diff: guard against overflow and fix
      off-by-one in parse.y and y.tab.c.
    - CVE-2014-7186
    - CVE-2014-7187
  * SECURITY IMPROVEMENT: use prefixes and suffixes for function exports
    - debian/patches/variables-affix.diff: add prefixes and suffixes in
      variables.c.

 -- Marc Deslauriers <email address hidden>  Fri, 26 Sep 2014 12:57:19 -0400

bash (4.3-7ubuntu1.3) trusty-security; urgency=medium

  * Updated debian/patches/CVE-2014-7169.diff to also patch y.tab.c in
    case it doesn't get regenerated when built (LP: #1374207)

 -- Marc Deslauriers <email address hidden>  Thu, 25 Sep 2014 21:20:03 -0400

1374207: CVE-2014-7169 fix not effective on trusty
CVE-2014-7169: GNU Bash through 4.3 bash43-025 processes trailing strings after ...

bash (4.3-7ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: incomplete fix for CVE-2014-6271
    - debian/patches/CVE-2014-7169.diff: fix logic in parse.y.
    - CVE-2014-7169

 -- Marc Deslauriers <email address hidden>  Thu, 25 Sep 2014 02:06:49 -0400

CVE-2014-6271: GNU Bash through 4.3 processes trailing strings after function ...
CVE-2014-7169: GNU Bash through 4.3 bash43-025 processes trailing strings after ...