[SECURITY] Fedora 21 Update: mksh-50c-1.fc21

updates at fedoraproject.org updates at fedoraproject.org
Fri Oct 10 16:07:30 UTC 2014 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-12210
2014-10-05 06:43:00
--------------------------------------------------------------------------------

Name        : mksh
Product     : Fedora 21
Version     : 50c
Release     : 1.fc21
URL         : https://www.mirbsd.org/mksh.htm
Summary     : MirBSD enhanced version of the Korn Shell
Description :
mksh is the MirBSD enhanced version of the Public Domain Korn shell (pdksh),
a bourne-compatible shell which is largely similar to the original AT&T Korn
shell. It includes bug fixes and feature improvements in order to produce a
modern, robust shell good for interactive and especially script use, being a
bourne shell replacement, pdksh successor and an alternative to the C shell.

--------------------------------------------------------------------------------
Update Information:

R50c is a security fix release:

  * Know more rare signals when generating sys_signame[] replacement
  * OpenBSD sync (mostly RCSID only)
  * Document HISTSIZE limit; found by luigi_345 on IRC
  * Fix link to Debian .mkshrc
  * Cease exporting $RANDOM (Debian #760857)
  * Fix C99 compatibility
  * Work around klibc bug causing a coredump (Debian #763842)
  * Use issetugid(2) as additional check if we are FPRIVILEGED
  * SECURITY: do not permit += from environment
  * Fix more field splitting bugs reported by Stephane Chazelas and mikeserv; document current status wrt. ambiguous ones as testcases too
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1149626 - mksh: do not permit += from environment
        https://bugzilla.redhat.com/show_bug.cgi?id=1149626
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update mksh' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list