[El-errata] ELSA-2017-1931 Moderate: Oracle Linux 7 bash security and bug fix update

Tue Aug 8 13:44:53 PDT 2017

Oracle Linux Security Advisory ELSA-2017-1931

http://linux.oracle.com/errata/ELSA-2017-1931.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
bash-4.2.46-28.el7.x86_64.rpm
bash-doc-4.2.46-28.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/bash-4.2.46-28.el7.src.rpm

Description of changes:

[4.2.46-28]
- CVE-2016-9401 - Fix crash when '-' is passed as second sign to popd
   Resolves: #1429838

[4.2.46-27]
- CVE-2016-7543: Fix for arbitrary code execution via SHELLOPTS+PS4 
variables
   Resolves: #1426026

[4.2.46-26]
- CVE-2016-0634: Fix for arbitrary code execution via malicious hostname
   Resolves: #1379237

[4.2.46-25]
- Plug a leak related to compound assignments
   Resolves: #1264101

[4.2.46-24]
- Recognize cd -e
   Resolves: #1267478

[4.2.46-23]
- Add a condition before setting pipeline_pgrp to shell_pgrp
   Resolves: #1377496

[4.2.46-22]
- Avoid crash in parameter expansion while expanding long strings
   Resolves: #1403255