ksh-20120801-140.el7

エラータID: AXSA:2020-4475:02

Release date: 
Monday, February 24, 2020 - 09:09
Subject: 
ksh-20120801-140.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

KornShell (ksh) is a Unix shell developed by AT&T; Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992).

Security Fix(es):

* ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-14868
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2019-14868
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. ksh-20120801-140.el7.src.rpm
    MD5: cecacfa8c9e1fdca0317bf44d3edea5c
    SHA-256: 38a809ea5083517f902b29c549b25ee1e3a8f9760294dce6dd964a74e64cf886
    Size: 2.38 MB

Asianux Server 7 for x86_64
  1. ksh-20120801-140.el7.x86_64.rpm
    MD5: c4ddd8f942d63ad9b1538834deae88a0
    SHA-256: c5c0fc6c11471047e277c8587a2448fd6e530d6be49614714600a0525d381c0d
    Size: 883.18 kB