This update for bash fixes the following issues: - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables. - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the prompt. The following bugs were fixed: - bsc#971410: Scripts could terminate unexpectedly due to mishandled recursive traps. - bsc#959755: Clarify that the files /etc/profile as well as /etc/bash.bashrc may source other files as well even if the bash does not.