[Oraclevm-errata] OVMSA-2017-0050 Moderate: Oracle VM 3.4 bash security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Wed Mar 29 13:02:04 PDT 2017
Oracle VM Security Advisory OVMSA-2017-0050
The following updated rpms for Oracle VM 3.4 have been uploaded to the
Unbreakable Linux Network:
x86_64:
bash-4.1.2-48.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/bash-4.1.2-48.el6.src.rpm
Description of changes:
[4.1.2-48]
- Fix signal handling in read builtin
Resolves: #1421926
[4.1.2-47]
- CVE-2016-9401 - Fix crash when '-' is passed as second sign to popd
Resolves: #1396383
[4.1.2-46]
- CVE-2016-7543 - Fix for arbitrary code execution via SHELLOPTS+PS4
variables
Resolves: #1379630
[4.1.2-45]
- CVE-2016-0634 - Fix for arbitrary code execution via malicious hostname
Resolves: #1377613
[4.1.2-44]
- Avoid crash in parameter expansion while expanding long strings
Resolves: #1359142
[4.1.2-43]
- Stop reading input when SIGHUP is received
Resolves: #1325753
[4.1.2-42]
- Bash leaks memory while doing pattern removal in parameter expansion
Resolves: #1283829
[4.1.2-41]
- Fix a race condition in saving bash history on shutdown
Resolves: #1325753
[4.1.2-40]
- Bash shouldn't ignore bash --debugger without a dbger installed
Related: #1260568
[4.1.2-39]
- Wrong parsing inside for loop and brackets
Resolves: #1207803
[4.1.2-38]
- IFS incorrectly splitting herestrings
Resolves: #1250070
[4.1.2-37]
- Case in a for loop in a subshell causes a syntax error
Resolves: #1240994
[4.1.2-36]
- Bash shouldn't ignore bash --debugger without a dbger installed
Resolves: #1260568
[4.1.2-35]
- Bash leaks memory when repeatedly doing a pattern-subst
Resolves: #1207042
[4.1.2-34]
- Bash hangs when a signal is received
Resolves: #868846
More information about the Oraclevm-errata
mailing list