Univention Bugzilla – Bug 49096
bash: Multiple issues (4.2)
Last modified: 2019-03-27 16:44:55 CET
New Debian bash 4.3-11+deb8u2 fixes: This update addresses the following issues: * popd controlled free (CVE-2016-9401) * BASH_CMD is writable in restricted bash shells (CVE-2019-9924)
--- mirror/ftp/4.2/unmaintained/4.2-0/source/bash_4.3-11+deb8u1.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/bash_4.3-11+deb8u2.dsc @@ -1,3 +1,9 @@ +4.3-11+deb8u2 [Mon, 25 Mar 2019 11:50:49 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Non-maintainer upload by the LTS Team. + * CVE-2019-9924: restrict BASH_CMDS when in restricted mode. + * CVE-2016-9401: fix crash in popd with out of range nevative offsets. + 4.3-11+deb8u1 [Sun, 09 Oct 2016 17:35:21 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload. <http://10.200.17.11/4.2-5/#2658808861840384829>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] ed39133bd3 Bug #49096: bash 4.3-11+deb8u2 doc/errata/staging/bash.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
<http://errata.software-univention.de/ucs/4.2/615.html>