UbuntuUpdates.org

Package "bash-static"

Name: bash-static

Description:

GNU Bourne Again SHell (static version)
Latest version: 4.3-7ubuntu1.7
Release: trusty (14.04)
Level: updates
Repository: universe
Head package: bash
Homepage: http://tiswww.case.edu/php/chet/bash/bashtop.html

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "bash-static"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "bash-static" in Trusty

Repository Area Version
base universe 4.3-6ubuntu1
security universe 4.3-7ubuntu1.7
PPA: Mint Upstream 4.3+linuxmint5
PPA: Mint Upstream 4.3+linuxmint5
PPA: Mint Upstream 4.3+linuxmint5
PPA: Mint Upstream 4.3+linuxmint5

Changelog

Version: 4.3-7ubuntu1.7 2017-05-17 19:06:40 UTC

  bash (4.3-7ubuntu1.7) trusty-security; urgency=medium

  * SECURITY UPDATE: word expansions on the prompt strings (LP: #1507025)
    - debian/patches/bash43-047.diff: add quoting to parse.y, y.tab.c.
    - CVE-2016-0634
  * SECURITY UPDATE: code execution via crafted SHELLOPTS and PS4
    (LP: #1689304)
    - debian/patches/bash43-048.diff: check for root in variables.c.
    - CVE-2016-7543
  * SECURITY UPDATE: restricted shell bypass via use-after-free
    - debian/patches/bash44-006.diff: check for negative offsets in
      builtins/pushd.def.
    - CVE-2016-9401

 -- Marc Deslauriers <email address hidden> Tue, 16 May 2017 07:52:48 -0400
Source diff to previous version
1507025 Shell Command Injection with the hostname
1689304 Unfixed Code Execution Vulnerability CVE-2016-7543
CVE-2016-0634 bash prompt expanding return value from gethostname()
CVE-2016-7543 Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
CVE-2016-9401 popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

Version: 4.3-7ubuntu1.6 2017-05-04 16:07:14 UTC

  bash (4.3-7ubuntu1.6) trusty-proposed; urgency=medium

  * When the readline `revert-all-at-newline' option is set, pressing newline
    when the current line is one retrieved from history results in a double
    free and a segmentation fault. LP: #1422795.

 -- Jeffrey Hutzelman <email address hidden> Fri, 16 Oct 2015 17:21:23 -0400
Source diff to previous version
1422795 bash crashes often if inputrc contains revert-all-at-newline

Version: 4.3-7ubuntu1.5 2014-10-09 14:06:42 UTC

  bash (4.3-7ubuntu1.5) trusty-security; urgency=medium

  * SECURITY UPDATE: incorrect function definition parsing with
    here-document delimited by end-of-file
    - debian/patches/CVE-2014-6277.diff: properly handle closing delimiter
      in copy_cmd.c, make_cmd.c.
    - CVE-2014-6277
  * SECURITY UPDATE: incorrect function definition parsing via nested
    command substitutions
    - debian/patches/CVE-2014-6278.diff: properly handle certain parsing
      attempts in builtins/evalstring.c, parse.y, shell.h, y.tab.c.
    - CVE-2014-6278
  * Updated patches with official upstream versions:
    - debian/patches/CVE-2014-6271.diff
    - debian/patches/CVE-2014-7169.diff
    - debian/patches/variables-affix.diff
    - debian/patches/CVE-2014-718x.diff
 -- Marc Deslauriers <email address hidden> Tue, 07 Oct 2014 10:50:12 -0400
Source diff to previous version
CVE-2014-6277 GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to
CVE-2014-6278 GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to
CVE-2014-6271 GNU Bash through 4.3 processes trailing strings after function ...
CVE-2014-7169 GNU Bash through 4.3 bash43-025 processes trailing strings after ...

Version: 4.3-7ubuntu1.4 2014-09-27 11:06:52 UTC

  bash (4.3-7ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds memory access
    - debian/patches/CVE-2014-718x.diff: guard against overflow and fix
      off-by-one in parse.y and y.tab.c.
    - CVE-2014-7186
    - CVE-2014-7187
  * SECURITY IMPROVEMENT: use prefixes and suffixes for function exports
    - debian/patches/variables-affix.diff: add prefixes and suffixes in
      variables.c.
 -- Marc Deslauriers <email address hidden> Fri, 26 Sep 2014 12:57:19 -0400
Source diff to previous version

Version: 4.3-7ubuntu1.3 2014-09-26 03:06:59 UTC

  bash (4.3-7ubuntu1.3) trusty-security; urgency=medium

  * Updated debian/patches/CVE-2014-7169.diff to also patch y.tab.c in
    case it doesn't get regenerated when built (LP: #1374207)
 -- Marc Deslauriers <email address hidden> Thu, 25 Sep 2014 21:20:03 -0400
1374207 CVE-2014-7169 fix not effective on trusty
CVE-2014-7169 GNU Bash through 4.3 bash43-025 processes trailing strings after ...


About   -   Send Feedback to @ubuntu_updates