ksh-20120801-253.el8

Errata ID: AXSA:2020-169:04

Release date: Thursday, June 18, 2020 - 13:24
Subject: ksh-20120801-253.el8
Affected Channels: Asianux Server 8 for x86_64
Severity: High
Description: 

KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992).

Security Fix(es):

* ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-14868
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.

Solution: 

Update packages.
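The following shell script is an added example and is not part of the Asianux advisory. It shows the two checks an administrator would want after reading this errata: whether the ksh build installed on a host is at or beyond the fixed build 20120801-253.el8 (an older build is still exposed to CVE-2019-14868), and whether a downloaded RPM matches the SHA-256 published in the Download section before it is installed. The fixed version string comes from this page; the use of `sort -V` for version ordering is an assumption of this example (it agrees with rpm's ordering for simple release strings like 252.el8 vs 253.el8 but is not a full reimplementation of rpmvercmp), and `installed_ksh_status` assumes an RPM-based host where `rpm` is on PATH.

```shell
#!/bin/sh
# Added example, not part of the advisory: exposure check for CVE-2019-14868
# and integrity check of a downloaded RPM against the advisory's SHA-256.

# Fixed build taken from the advisory (VERSION-RELEASE of the ksh package).
FIXED_NVR="20120801-253.el8"

# nvr_ge A B: returns 0 when version-release string A sorts at or after B.
# Assumption: GNU sort -V ordering is sufficient for these release strings.
nvr_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# ksh_is_fixed NVR: returns 0 when an installed "VERSION-RELEASE" string
# already contains the fix, 1 when the host is still exposed.
ksh_is_fixed() {
    nvr_ge "$1" "$FIXED_NVR"
}

# verify_sha256 FILE EXPECTED: returns 0 only when the file's digest equals
# the expected hex string (copy it from the advisory's Download section).
verify_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$1" | awk '{print $1}')
    else
        actual=$(shasum -a 256 "$1" | awk '{print $1}')   # macOS/BSD fallback
    fi
    [ "$actual" = "$2" ]
}

# installed_ksh_status: query the local RPM database and report whether the
# installed ksh package is patched. Assumes an RPM-based host with rpm on PATH.
installed_ksh_status() {
    nvr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' ksh 2>/dev/null) || {
        echo "ksh is not installed"
        return 0
    }
    if ksh_is_fixed "$nvr"; then
        echo "ksh $nvr: includes the fix for CVE-2019-14868"
    else
        echo "ksh $nvr: older than $FIXED_NVR, still exposed to CVE-2019-14868"
        return 1
    fi
}

# Typical use on a host:
#   installed_ksh_status
#   verify_sha256 ksh-20120801-253.el8.x86_64.rpm \
#       feff034d69f62c052f9bce03d28d71aa57a741223b9b4a95a0081c0967c416e7 \
#       && echo "RPM matches advisory hash"
```

Run `installed_ksh_status` across the Asianux Server 8 fleet to find hosts that still carry an older ksh build, and run `verify_sha256` on the RPM before `yum`/`dnf` installs it when the package was fetched by hand rather than from the signed channel.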

Additional Info: 

N/A

Download: 

SRPMS
  1. ksh-20120801-253.el8.src.rpm
    MD5: 47f8ffaca4f36236dade54b3ef759695
    SHA-256: bbe3f37329ee72c3cde35f9cc3c124644ab2e8bf2ce7e718d2077b4f5614a337
    Size: 2.39 MB

Asianux Server 8 for x86_64
  1. ksh-20120801-253.el8.x86_64.rpm
    MD5: c3180979652796da76415d9515418373
    SHA-256: feff034d69f62c052f9bce03d28d71aa57a741223b9b4a95a0081c0967c416e7
    Size: 1.47 MB