- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-3294-1
May 17, 2017
bash vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.04
– Ubuntu 16.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Bash.
Software Description:
– bash: GNU Bourne Again SHell
Details:
Bernd Dietzel discovered that Bash incorrectly expanded the hostname when
displaying the prompt. If a remote attacker were able to modify a hostname,
this flaw could be exploited to execute arbitrary code. This issue only
affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.
(CVE-2016-0634)
It was discovered that Bash incorrectly handled the SHELLOPTS and PS4
environment variables. A local attacker could use this issue to execute
arbitrary code with root privileges. This issue only affected Ubuntu 14.04
LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7543)
It was discovered that Bash incorrectly handled the popd command. A remote
attacker could possibly use this issue to bypass restricted shells.
(CVE-2016-9401)
It was discovered that Bash incorrectly handled path autocompletion. A
local attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 17.04. (CVE-2017-5932)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
bash 4.4-2ubuntu1.1
Ubuntu 16.10:
bash 4.3-15ubuntu1.1
Ubuntu 16.04 LTS:
bash 4.3-14ubuntu1.2
Ubuntu 14.04 LTS:
bash 4.3-7ubuntu1.7
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3294-1
CVE-2016-0634, CVE-2016-7543, CVE-2016-9401, CVE-2017-5932
Package Information:
https://launchpad.net/ubuntu/+source/bash/4.4-2ubuntu1.1
https://launchpad.net/ubuntu/+source/bash/4.3-15ubuntu1.1
https://launchpad.net/ubuntu/+source/bash/4.3-14ubuntu1.2
https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.7
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJZHIbPAAoJEGVp2FWnRL6T1doQAJRrw4DFfTHJEAVY+5Q9EM3h
UQINMaKQOAkWXdEX94cSILvPmQjGUPFBJ9NSVJT/4ShKlXg3Umb8zpCoJOA1hraL
6kfkbhZX5hw5JptUbkDrL/6v7z2BDZp4o/PGnFQH3T2yLJg0ZdoppLbidmutyBc8
hnvpbYGBc1os2bVB0pI9YJsPdlRZDneSHqo6759Pi9UuuDjERyR1aLiigctVkQzZ
shPjfsLJc5PaNXMd4EbX+KE3xTAbrvJXeQ+AwZr8DIKa5Z9FxD2A8ginE1fHufcN
XDDJ+URLTZEnyPkGtqetsJAMO1Wcu6MdfrOiilrdPnWN4rsQPxidB2oAr3DaaO/2
dVj3ieQXKw9nxj2Ei69Zgwmx0pGK0XnhB65ToUbSis5Zs/wVU4kV0tWMGSB9Thv3
SR7R5lThNxcCo+UD7bIvU1Bn+6cvS9qZfJnY7+pCZzXLHOe2pEoq6CRdGsHyVJTD
4cP1+L52NWz9kbUQH+d4CvQX69fWYKQp4KtSyBuTUpBrPzn2LkhGSfAlBOvmxxat
XRgw7fEd9h2NEUJD3vtSa7okD06AEkQ3LIaroxgV2RErW2UWqrzlROZ71m/IdcpP
nT+mtwHHJIyA71H77SVBOioHyvQTDRtdZnGUz5pAwNAoGM0Oz2Fq9KvjqcN/tzMR
nRSrzWNjoI66uQIvDBff
=Dodn
—–END PGP SIGNATURE—–
—
| Autor | Tomislav Protega |
| Cert id | NCERT-REF-2017-05-0042-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | http://www.adobe.com/ |
