ksh-20120801-38.AXS4

エラータID: AXSA:2020-4474:01

Release date: 
Sunday, February 23, 2020 - 13:27
Subject: 
ksh-20120801-38.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

KornShell (ksh) is a Unix shell developed by AT&T; Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992).

Security Fix(es):

* ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-14868
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2019-14868
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. ksh-20120801-38.AXS4.src.rpm
    MD5: e2fca00ac254baf17bb8ea8b95c8c435
    SHA-256: 5b9f13e16037cb7897a4390f0e2173de3a8506b65fc68a8ffa5645bf1535df4f
    Size: 2.37 MB

Asianux Server 4 for x86
  1. ksh-20120801-38.AXS4.i686.rpm
    MD5: 48c20cfa3d2638738391a84d9995b773
    SHA-256: 0557035567a552cebcbef7a1e55d53fbdd29f6ebd6a49a1aeaec8ed366dcf3c2
    Size: 757.60 kB

Asianux Server 4 for x86_64
  1. ksh-20120801-38.AXS4.x86_64.rpm
    MD5: 23faeb1ea4a173ad5c10966143260a62
    SHA-256: e7140753a8ef1a4747b98f01a593a1414aef36780d8b37f299721f123748b827
    Size: 760.70 kB