Download
| Alert*
oval:org.secpod.oval:def:1801558
A vulnerability was found in popd. It can be tricked to free a user supplied address in the following way: $ popd +-111111 This could be used to bypass restricted shells on some environments to cause use-after-free. oval:org.secpod.oval:def:89044485 This update for bash fixed several issues This security issue was fixed: - CVE-2016-9401: popd in bash might allowed local users to bypass the restricted shell and cause a use-after-free via a crafted address . This non-security issue was fixed: - Fix when HISTSIZE=0 and chattr +a .bash_history oval:org.secpod.oval:def:89044799 This update for bash fixes an issue that could lead to syntax errors when parsing scripts that use expr inside loops. Additionally, the popd build-in now ensures that the normalized stack offset is within bounds before trying to free that stack entry. This fixes a segmentation fault. oval:org.secpod.oval:def:40633 bash: GNU Bourne Again SHell Several security issues were fixed in Bash. oval:org.secpod.oval:def:2100673 popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. oval:org.secpod.oval:def:204589 The bash packages provide Bash , which is the default shell for Red Hat Enterprise Linux. Security Fix: * An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines ... oval:org.secpod.oval:def:204694 The bash packages provide Bash , which is the default shell for Red Hat Enterprise Linux. Security Fix: * An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines ... oval:org.secpod.oval:def:1501804 The bash packages provide Bash , which is the default shell for Red Hat Enterprise Linux. Security Fix: * An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines ... oval:org.secpod.oval:def:502078 The bash packages provide Bash , which is the default shell for Red Hat Enterprise Linux. Security Fix: * An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines ... oval:org.secpod.oval:def:51796 bash: GNU Bourne Again SHell Several security issues were fixed in Bash. oval:org.secpod.oval:def:1600759 popd controlled free:A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session.Arbitrary code execution via malicious hostname:An arbitrary command inject ... oval:org.secpod.oval:def:1800543 A vulnerability was found in popd. It can be tricked to free a user supplied address in the following way: $ popd +-111111 This could be used to bypass restricted shells on some environments to cause use-after-free.. oval:org.secpod.oval:def:703612 bash: GNU Bourne Again SHell Several security issues were fixed in Bash. oval:org.secpod.oval:def:1800502 A vulnerability was found in popd. It can be tricked to free a user supplied address in the following way: $ popd +-111111 This could be used to bypass restricted shells on some environments to cause use-after-free. Reference Patch oval:org.secpod.oval:def:502007 The bash packages provide Bash , which is the default shell for Red Hat Enterprise Linux. Security Fix: * An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines ... oval:org.secpod.oval:def:1501960 The advisory is missing the security advisory description. For more information please visit the reference link |