[Oraclevm-errata] OVMSA-2017-0050 Moderate: Oracle VM 3.4 bash security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Wed Mar 29 13:02:04 PDT 2017


Oracle VM Security Advisory OVMSA-2017-0050

The following updated rpms for Oracle VM 3.4 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
bash-4.1.2-48.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/bash-4.1.2-48.el6.src.rpm



Description of changes:

[4.1.2-48]
- Fix signal handling in read builtin
   Resolves: #1421926

[4.1.2-47]
- CVE-2016-9401 - Fix crash when '-' is passed as second sign to popd
   Resolves: #1396383

[4.1.2-46]
- CVE-2016-7543 - Fix for arbitrary code execution via SHELLOPTS+PS4 
variables
   Resolves: #1379630

[4.1.2-45]
- CVE-2016-0634 - Fix for arbitrary code execution via malicious hostname
   Resolves: #1377613

[4.1.2-44]
- Avoid crash in parameter expansion while expanding long strings
   Resolves: #1359142

[4.1.2-43]
- Stop reading input when SIGHUP is received
   Resolves: #1325753

[4.1.2-42]
- Bash leaks memory while doing pattern removal in parameter expansion
   Resolves: #1283829

[4.1.2-41]
- Fix a race condition in saving bash history on shutdown
   Resolves: #1325753

[4.1.2-40]
- Bash shouldn't ignore bash --debugger without a dbger installed
   Related: #1260568

[4.1.2-39]
- Wrong parsing inside for loop and brackets
   Resolves: #1207803

[4.1.2-38]
- IFS incorrectly splitting herestrings
   Resolves: #1250070

[4.1.2-37]
- Case in a for loop in a subshell causes a syntax error
   Resolves: #1240994

[4.1.2-36]
- Bash shouldn't ignore bash --debugger without a dbger installed
   Resolves: #1260568

[4.1.2-35]
- Bash leaks memory when repeatedly doing a pattern-subst
   Resolves: #1207042

[4.1.2-34]
- Bash hangs when a signal is received
   Resolves: #868846




More information about the Oraclevm-errata mailing list