UbuntuUpdates.org

Package "bash-static"

Name: bash-static

Description:

GNU Bourne Again SHell (static version)

Latest version: 4.3-14ubuntu1.4
Release: xenial (16.04)
Level: updates
Repository: universe
Head package: bash
Homepage: http://tiswww.case.edu/php/chet/bash/bashtop.html

Other versions of "bash-static" in Xenial

Repository  Area      Version
base        universe  4.3-14ubuntu1
security    universe  4.3-14ubuntu1.4

Changelog

Version: 4.3-14ubuntu1.4 2019-07-15 16:06:27 UTC

  bash (4.3-14ubuntu1.4) xenial-security; urgency=medium

  * SECURITY UPDATE: rbash restriction bypass (LP: #1803441)
    - debian/patches/CVE-2019-9924.patch: if the shell is restricted,
      reject attempts to add pathnames containing slashes to the hash table
      in variables.c.
    - CVE-2019-9924

 -- Marc Deslauriers <email address hidden> Fri, 12 Jul 2019 14:25:28 -0400

1803441 BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)
CVE-2019-9924 rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permis

Version: 4.3-14ubuntu1.3 2019-05-16 11:07:15 UTC

  bash (4.3-14ubuntu1.3) xenial; urgency=medium

  * Resurrect "Set the default path to comply with Debian policy" in
    deb-bash-config.diff which went missing since 4.2+dfsg-1 or so.
    LP: #1792004 LP: #1614080 Closes: #781367
  * Add autopkgtest for the built-in path.

 -- Dimitri John Ledkov <email address hidden> Fri, 03 May 2019 14:57:15 +0100

1792004 built-in PATH seems to have sbin and bin out of order; and inconsistent
1614080 PATH contains dot when PATH is unset before running bash
781367 bash may set a PATH including "." under certain circumstances - Debian Bug report logs

Version: 4.3-14ubuntu1.2 2017-05-17 19:06:45 UTC

  bash (4.3-14ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: word expansions on the prompt strings (LP: #1507025)
    - debian/patches/bash43-047.diff: add quoting to parse.y, y.tab.c.
    - CVE-2016-0634
  * SECURITY UPDATE: code execution via crafted SHELLOPTS and PS4
    (LP: #1689304)
    - debian/patches/bash43-048.diff: check for root in variables.c.
    - CVE-2016-7543
  * SECURITY UPDATE: restricted shell bypass via use-after-free
    - debian/patches/bash44-006.diff: check for negative offsets in
      builtins/pushd.def.
    - CVE-2016-9401

 -- Marc Deslauriers <email address hidden> Tue, 16 May 2017 07:51:45 -0400

1507025 Shell Command Injection with the hostname
1689304 Unfixed Code Execution Vulnerability CVE-2016-7543
CVE-2016-0634 bash prompt expanding return value from gethostname()
CVE-2016-7543 Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
CVE-2016-9401 popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

Version: 4.3-14ubuntu1.1 2016-07-04 12:06:46 UTC

  bash (4.3-14ubuntu1.1) xenial-proposed; urgency=medium

  * SRU: LP: #1595869.
  * Apply upstream patches 043 - 046. Fixes:
    - When the lastpipe option is enabled, the last component can contain
      nested pipelines and cause a segmentation fault under
      certain circumstances.
    - A typo prevents the `compat42' shopt option from working as intended.
    - If a file open attempted as part of a redirection fails because it is
      interrupted by a signal, the shell needs to process any pending traps
      to allow the redirection to be canceled.
    - An incorrect conversion from an indexed to associative array can result
      in a core dump.
  * Add $HOME/.local/bin to PATH, and add the user's home directories
    unconditionally to the path, so that they are available without
    a new login. Closes: #820856, LP: #1588562.

 -- Matthias Klose <email address hidden> Fri, 24 Jun 2016 10:20:17 +0200

1595869 SRU: apply four upstream bug fixes in bash for 16.04 LTS
1588562 Please add ~/.local/bin to the default $PATH
820856 bash: Please add ~/.local/bin to the default $PATH - Debian Bug report logs
