Package name
bash
Date
2013-04-05
Advisory ID
MDVSA-2013:032
Affected versions
MBS1 x86_64

Problem description

A vulnerability was found and corrected in bash:

A stack-based buffer overflow flaw was found in the way bash, the
GNU Bourne Again shell, expanded certain /dev/fd file names when
checking file names ('test' command) and evaluating /dev/fd file
names in conditional command expressions. A remote attacker could
provide a specially-crafted Bash script that, when executed, would
cause the bash executable to crash (CVE-2012-3410).

Additionally, the official patches 011 to 037 for bash-4.2 have been
applied, which resolve other issues found, including the CVE-2012-3410
vulnerability.

NOTE: This advisory was previously given the MDVSA-2013:019 identifier
by mistake.

Updated packages

MBS1 x86_64

 46145b0886f5055753aa0948a6c41cd6  mbs1/x86_64/bash-4.2-6.1.mbs1.x86_64.rpm
 4e9620a5487c6ded6014938ec68342e8  mbs1/x86_64/bash-doc-4.2-6.1.mbs1.x86_64.rpm 
 3d3362865b94952d755d5906d9b93485  mbs1/SRPMS/bash-4.2-6.1.mbs1.src.rpm

References