[El-errata] ELSA-2017-1931 Moderate: Oracle Linux 7 bash security and bug fix update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Aug 8 13:44:53 PDT 2017
Oracle Linux Security Advisory ELSA-2017-1931
http://linux.oracle.com/errata/ELSA-2017-1931.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
bash-4.2.46-28.el7.x86_64.rpm
bash-doc-4.2.46-28.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/bash-4.2.46-28.el7.src.rpm
Description of changes:
[4.2.46-28]
- CVE-2016-9401 - Fix crash when '-' is passed as second sign to popd
Resolves: #1429838
[4.2.46-27]
- CVE-2016-7543: Fix for arbitrary code execution via SHELLOPTS+PS4
variables
Resolves: #1426026
[4.2.46-26]
- CVE-2016-0634: Fix for arbitrary code execution via malicious hostname
Resolves: #1379237
[4.2.46-25]
- Plug a leak related to compound assignments
Resolves: #1264101
[4.2.46-24]
- Recognize cd -e
Resolves: #1267478
[4.2.46-23]
- Add a condition before setting pipeline_pgrp to shell_pgrp
Resolves: #1377496
[4.2.46-22]
- Avoid crash in parameter expansion while expanding long strings
Resolves: #1403255
More information about the El-errata
mailing list