Download
| Alert*
|
oval:org.secpod.oval:def:1801558
A vulnerability was found in popd. It can be tricked to free a user supplied address in the following way: $ popd +-111111 This could be used to bypass restricted shells on some environments to cause use-after-free. oval:org.secpod.oval:def:1800198 bash is installed oval:org.secpod.oval:def:702231 bash is installed oval:org.secpod.oval:def:40633 bash: GNU Bourne Again SHell Several security issues were fixed in Bash. oval:org.secpod.oval:def:1800197 Shells running as root inherited PS4 from the environment, allowing PS4 expansion performing command substitution. Local attacker could gain arbitrary code execution via bogus setuid binaries using system/popen by specially crafting SHELLOPTS+PS4 environment variables. Fixed In Version bash 4.4 oval:org.secpod.oval:def:88518 bash: GNU Bourne Again SHell Bash could be used to escalate privileges. oval:org.secpod.oval:def:52308 bash: GNU Bourne Again SHell Bash allowed bypassing environment restrictions in certain environments. oval:org.secpod.oval:def:702228 bash: GNU Bourne Again SHell Bash allowed bypassing environment restrictions in certain environments. oval:org.secpod.oval:def:702233 bash: GNU Bourne Again SHell Details: USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn"t get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem. We apologize for the inconvenience. Original advisory Bash allowed bypassing e ... oval:org.secpod.oval:def:702232 bash: GNU Bourne Again SHell Bash allowed bypassing environment restrictions in certain environments. oval:org.secpod.oval:def:52311 bash: GNU Bourne Again SHell Details: USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn"t get properly applied in the Linux Mint 17.x LTS package. This update fixes the problem. We apologize for the inconvenience. Original advisory Bash allowed bypassin ... oval:org.secpod.oval:def:52310 bash: GNU Bourne Again SHell Bash allowed bypassing environment restrictions in certain environments. oval:org.secpod.oval:def:1800618 Shells running as root inherited PS4 from the environment, allowing PS4 expansion performing command substitution. Local attacker could gain arbitrary code execution via bogus setuid binaries using system/popen by specially crafting SHELLOPTS+PS4 environment variables. Fixed In Version: bash 4.4 oval:org.secpod.oval:def:51796 bash: GNU Bourne Again SHell Several security issues were fixed in Bash. oval:org.secpod.oval:def:1800543 A vulnerability was found in popd. It can be tricked to free a user supplied address in the following way: $ popd +-111111 This could be used to bypass restricted shells on some environments to cause use-after-free.. oval:org.secpod.oval:def:703612 bash: GNU Bourne Again SHell Several security issues were fixed in Bash. oval:org.secpod.oval:def:1800502 A vulnerability was found in popd. It can be tricked to free a user supplied address in the following way: $ popd +-111111 This could be used to bypass restricted shells on some environments to cause use-after-free. Reference Patch oval:org.secpod.oval:def:702241 bash: GNU Bourne Again SHell Several security issues were fixed in Bash. oval:org.secpod.oval:def:601787 Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment . With this update prefix and suffix for environment variable names which con ... oval:org.secpod.oval:def:52315 bash: GNU Bourne Again SHell Several security issues were fixed in Bash. oval:org.secpod.oval:def:52316 bash: GNU Bourne Again SHell Several security issues were fixed in Bash. oval:org.secpod.oval:def:702239 bash: GNU Bourne Again SHell Several security issues were fixed in Bash. oval:org.secpod.oval:def:708833 bash: GNU Bourne Again SHell Bash could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:99545 bash: GNU Bourne Again SHell Bash could be made to crash or run programs as your login if it opened a specially crafted file. |
