bash-4.2.46-28.el7

エラータID: AXSA:2017-1762:01

リリース日: 
2017/08/26 Saturday - 00:23
題名: 
bash-4.2.46-28.el7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The GNU Bourne Again shell (Bash) is a shell or command language
interpreter that is compatible with the Bourne shell (sh). Bash
incorporates useful features from the Korn shell (ksh) and the C shell
(csh). Most sh scripts can be run by bash without modification.

CVE-2016-0634
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-7543
Bash before 4.4 allows local users to execute arbitrary commands with
root privileges via crafted SHELLOPTS and PS4 environment variables.
CVE-2016-9401
popd in bash might allow local users to bypass the restricted shell
and cause a use-after-free via a crafted address.

解決策: 

Update packages.

CVE: 
CVE-2016-0634
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.
CVE-2016-7543
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
CVE-2016-9401
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. bash-4.2.46-28.el7.src.rpm
    MD5: 9062cc093daa686c03b46170741f9dc2
    SHA-256: 70f444003da3a0d01b9b9c9c8d3ad82bab8f58992e908786d2935acb17d06539
    Size: 6.80 MB

Asianux Server 7 for x86_64
  1. bash-4.2.46-28.el7.x86_64.rpm
    MD5: 3e4df59529156e23b5ff403645229894
    SHA-256: c88a5c238715b7794c22541cb2d504f94ac6140737e19d7144d718291b021b67
    Size: 0.99 MB