Paketname
bash
Datum
2012-08-09
Advisory ID
MDVSA-2012:128
Betroffene Versionen
2011 i586 , 2011 x86_64

Problembeschreibung

A vulnerability was found and corrected in bash:

A stack-based buffer overflow flaw was found in the way bash, the
GNU Bourne Again shell, expanded certain /dev/fd file names when
checking file names ('test' command) and evaluating /dev/fd file
names in conditinal command expressions. A remote attacker could
provide a specially-crafted Bash script that, when executed, would
cause the bash executable to crash (CVE-2012-3410).

Additionally the official patches 011 to 037 for bash-4.2 has been
applied which resolves other issues found, including the CVE-2012-3410
vulnerability.

Aktualisierte Pakete

2011 i586

 e855aeda31d44a58bcc5690c3fb32498  2011/i586/bash-4.2-9.1-mdv2011.0.i586.rpm
 78bbd74e7af07ce4be8f07901a05e05e  2011/i586/bash-doc-4.2-9.1-mdv2011.0.i586.rpm 
 dedc630238e16c08a0748d4ab0ecf4e8  2011/SRPMS/bash-4.2-9.1.src.rpm

2011 x86_64

 af9fdfc0bfb3e393f363a25c136ed3f0  2011/x86_64/bash-4.2-9.1-mdv2011.0.x86_64.rpm
 7aba42d877ae9c60cc7ac1c82425f500  2011/x86_64/bash-doc-4.2-9.1-mdv2011.0.x86_64.rpm 
 dedc630238e16c08a0748d4ab0ecf4e8  2011/SRPMS/bash-4.2-9.1.src.rpm

Referenzen