[Oraclevm-errata] OVMSA-2017-0050 Moderate: Oracle VM 3.3 bash security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Wed Mar 29 13:05:24 PDT 2017
Oracle VM Security Advisory OVMSA-2017-0050
The following updated rpms for Oracle VM 3.3 have been uploaded to the
Unbreakable Linux Network:
x86_64:
bash-4.1.2-48.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/bash-4.1.2-48.el6.src.rpm
Description of changes:
[4.1.2-48]
- Fix signal handling in read builtin
Resolves: #1421926
[4.1.2-47]
- CVE-2016-9401 - Fix crash when '-' is passed as second sign to popd
Resolves: #1396383
[4.1.2-46]
- CVE-2016-7543 - Fix for arbitrary code execution via SHELLOPTS+PS4
variables
Resolves: #1379630
[4.1.2-45]
- CVE-2016-0634 - Fix for arbitrary code execution via malicious hostname
Resolves: #1377613
[4.1.2-44]
- Avoid crash in parameter expansion while expanding long strings
Resolves: #1359142
[4.1.2-43]
- Stop reading input when SIGHUP is received
Resolves: #1325753
[4.1.2-42]
- Bash leaks memory while doing pattern removal in parameter expansion
Resolves: #1283829
[4.1.2-41]
- Fix a race condition in saving bash history on shutdown
Resolves: #1325753
[4.1.2-40]
- Bash shouldn't ignore bash --debugger without a dbger installed
Related: #1260568
[4.1.2-39]
- Wrong parsing inside for loop and brackets
Resolves: #1207803
[4.1.2-38]
- IFS incorrectly splitting herestrings
Resolves: #1250070
[4.1.2-37]
- Case in a for loop in a subshell causes a syntax error
Resolves: #1240994
[4.1.2-36]
- Bash shouldn't ignore bash --debugger without a dbger installed
Resolves: #1260568
[4.1.2-35]
- Bash leaks memory when repeatedly doing a pattern-subst
Resolves: #1207042
[4.1.2-34]
- Bash hangs when a signal is received
Resolves: #868846
[4.1.2-33]
- Allow importing exported functions with hyphens
Resolves: #1155455
[4.1.2-32]
- Allow importing exported functions with hyphens
Resolves: #1148507
[4.1.2-31]
- Better doc. for ulimit -c and -f options
Resolves: #1119587
[4.1.2-30]
- Fix a segfault from shellshock check-scripts
Resolves: #1150544
[4.1.2-29]
- CVE-2014-7169
Resolves: #1146323
[4.1.2-28]
- Fix-up the patch
Related: #1141646
[4.1.2-27]
- Check for fishy environment
Related: #1141646
[4.1.2-26]
- Final fix for bash vi mode
Related: #1102803
[4.1.2-25]
- Fix double echoes differently
Related: #1102803
[4.1.2-24]
- Fix memory leaks and keep coverity happy
Related: #1010164
[4.1.2-23]
- Fix double echoes
Resolves: #1102803
[4.1.2-22]
- Fix some heavy memory leaks
Resolves: #1010164
[4.1.2-21]
- Document changes to the extglob behaviour in the man page
Resolves: #1011064
[4.1.2-20]
- Fix reading of empty history
Resolves: #986095
[4.1.2-19]
- Fix file descriptor leaks
Resolves: #948207
[4.1.2-18]
- Fix certain brace expansion cases
Resolves: #1012015
[4.1.2-17]
- Fix double free after receiving SIGCHLD
Resolves: #951171
[4.1.2-16]
- Output multiline here-strings correctly.
Resolves: #1007926
More information about the Oraclevm-errata
mailing list