Package "bash-static"
Changelog
bash (4.3-14ubuntu1.4) xenial-security; urgency=medium
* SECURITY UPDATE: rbash restriction bypass (LP: #1803441)
- debian/patches/CVE-2019-9924.patch: if the shell is restricted,
reject attempts to add pathnames containing slashes to the hash table
in variables.c.
- CVE-2019-9924
-- Marc Deslauriers <email address hidden> Fri, 12 Jul 2019 14:25:28 -0400
1803441: BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch)
CVE-2019-9924: rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permis

bash (4.3-14ubuntu1.3) xenial; urgency=medium
* Resurrect "Set the default path to comply with Debian policy" in
deb-bash-config.diff which went missing since 4.2+dfsg-1 or so.
LP: #1792004 LP: #1614080 Closes: #781367
* Add autopkgtest for the built-in path.
-- Dimitri John Ledkov <email address hidden> Fri, 03 May 2019 14:57:15 +0100
1792004: built-in PATH seems to have sbin and bin out of order; and inconsistent
1614080: PATH contains dot when PATH is unset before running bash
781367: bash may set a PATH including "." under certain circumstances - Debian Bug report logs

bash (4.3-14ubuntu1.2) xenial-security; urgency=medium
* SECURITY UPDATE: word expansions on the prompt strings (LP: #1507025)
- debian/patches/bash43-047.diff: add quoting to parse.y, y.tab.c.
- CVE-2016-0634
* SECURITY UPDATE: code execution via crafted SHELLOPTS and PS4
(LP: #1689304)
- debian/patches/bash43-048.diff: check for root in variables.c.
- CVE-2016-7543
* SECURITY UPDATE: restricted shell bypass via use-after-free
- debian/patches/bash44-006.diff: check for negative offsets in
builtins/pushd.def.
- CVE-2016-9401
-- Marc Deslauriers <email address hidden> Tue, 16 May 2017 07:51:45 -0400
1507025: Shell Command Injection with the hostname
1689304: Unfixed Code Execution Vulnerability CVE-2016-7543
CVE-2016-0634: bash prompt expanding return value from gethostname()
CVE-2016-7543: Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
CVE-2016-9401: popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

bash (4.3-14ubuntu1.1) xenial-proposed; urgency=medium
* SRU: LP: #1595869.
* Apply upstream patches 043 - 046. Fixes:
- When the lastpipe option is enabled, the last component can contain
nested pipelines and cause a segmentation fault under
certain circumstances.
- A typo prevents the `compat42' shopt option from working as intended.
- If a file open attempted as part of a redirection fails because it is
interrupted by a signal, the shell needs to process any pending traps
to allow the redirection to be canceled.
- An incorrect conversion from an indexed to associative array can result
in a core dump.
* Add $HOME/.local/bin to PATH, and add the user's home directories
unconditionally to the path, so that they are available without
a new login. Closes: #820856, LP: #1588562.
-- Matthias Klose <email address hidden> Fri, 24 Jun 2016 10:20:17 +0200
1595869: SRU: apply four upstream bug fixes in bash for 16.04 LTS
1588562: Please add ~/.local/bin to the default $PATH
820856: bash: Please add ~/.local/bin to the default $PATH - Debian Bug report logs