MDVSA-2012:128
- Package name: bash
- Date: 2012-08-09
- Advisory ID: MDVSA-2012:128
- Affected versions: 2011 i586, 2011 x86_64
Problem description
A vulnerability was found and corrected in bash:
A stack-based buffer overflow flaw was found in the way bash, the
GNU Bourne Again shell, expanded certain /dev/fd file names when
checking file names ('test' command) and evaluating /dev/fd file
names in conditional command expressions. A remote attacker could
provide a specially-crafted Bash script that, when executed, would
cause the bash executable to crash (CVE-2012-3410).
Additionally, the official patches 011 to 037 for bash-4.2 have been
applied, which resolve other issues found, including the CVE-2012-3410
vulnerability.
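A patch-level check for the update described above, as an added example that is not part of the advisory: it classifies a bash version string against the bash-4.2 patch set 011 to 037. The function names and result labels are hypothetical, and it assumes the build reports the official patch level in `BASH_VERSION`; a distribution build that backports fixes without raising the patch level would need a package-version check instead.

```shell
#!/bin/sh
# Added example (not from the advisory): compare a bash version string with
# the patch set named in MDVSA-2012:128 (bash-4.2, official patches 011-037).
# Assumption: the build reports the official patch level in BASH_VERSION.

ADVISORY_SERIES="4.2"     # release the advisory's patches apply to
ADVISORY_PATCHLEVEL=37    # highest official patch listed (bash42-037)

is_number() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Prints: at-advisory-level | below-advisory-level | not-covered | unparsable
classify_bash_version() {
    core=${1%%"("*}              # drop a "(1)-release" style suffix
    case $core in
        *.*) ;;                  # need at least major.minor
        *) echo unparsable; return 0 ;;
    esac
    major=${core%%.*}
    rest=${core#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;          # "4.2" with no third field is patch level 0
    esac
    if ! is_number "$major" || ! is_number "$minor" || ! is_number "$patch"; then
        echo unparsable; return 0
    fi
    if [ "$major.$minor" != "$ADVISORY_SERIES" ]; then
        echo not-covered         # the advisory says nothing about other series
    elif [ "$patch" -ge "$ADVISORY_PATCHLEVEL" ]; then
        echo at-advisory-level
    else
        echo below-advisory-level
    fi
}

# Classify the bash found on PATH, if there is one.
installed_bash_status() {
    command -v bash >/dev/null 2>&1 || { echo "bash not found"; return 0; }
    classify_bash_version "$(bash -c 'printf %s "$BASH_VERSION"')"
}
```

Run `installed_bash_status` on a host to classify its bash; `below-advisory-level` means a 4.2 build that lacks at least one of the patches this update applies.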
Updated packages
2011 i586
- e855aeda31d44a58bcc5690c3fb32498 2011/i586/bash-4.2-9.1-mdv2011.0.i586.rpm
- 78bbd74e7af07ce4be8f07901a05e05e 2011/i586/bash-doc-4.2-9.1-mdv2011.0.i586.rpm
- dedc630238e16c08a0748d4ab0ecf4e8 2011/SRPMS/bash-4.2-9.1.src.rpm
2011 x86_64
- af9fdfc0bfb3e393f363a25c136ed3f0 2011/x86_64/bash-4.2-9.1-mdv2011.0.x86_64.rpm
- 7aba42d877ae9c60cc7ac1c82425f500 2011/x86_64/bash-doc-4.2-9.1-mdv2011.0.x86_64.rpm
- dedc630238e16c08a0748d4ab0ecf4e8 2011/SRPMS/bash-4.2-9.1.src.rpm
References
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-037
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-036
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-035
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-034
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-033
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-032
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-031
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-030
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-029
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-028
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-027
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-026
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-025
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-024
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-023
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-022
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-021
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-020
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-019
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-018
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-017
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-016
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-015
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-014
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-013
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-012
- ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-011
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3410
