bash-4.2.46-34.el7

エラータID: AXSA:2020-4537:01

Release date: 
Thursday, April 2, 2020 - 04:24
Subject: 
bash-4.2.46-34.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The bash packages provide Bash (Bourne-again shell), which is the default shell for Asianux Server.

Security Fix(es):

* bash: BASH_CMD is writable in restricted bash shells (CVE-2019-9924)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.8 Release Notes linked from the References section.

CVE-2019-9924
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.

Solution: 

Update packages.

CVEs: 
CVE-2019-9924
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
Additional Info: 

N/A

Download: 

SRPMS
  1. bash-4.2.46-34.el7.src.rpm
    MD5: cd8014be0be200f6a77d0f9ad7663c79
    SHA-256: be8236db00ec5e4604608269bb088cfa78fd400787a0525cce361073d1696493
    Size: 6.81 MB

Asianux Server 7 for x86_64
  1. bash-4.2.46-34.el7.x86_64.rpm
    MD5: 8fb411e9fb00776e906dec16421c7edb
    SHA-256: 1f9fce21eae38ea6166157ed62d8c31c7254c321753aa194fb181808b55f6f8d
    Size: 0.99 MB