bash: security update to patch level 7 #49

MingcongBai · 2017-02-08T01:37:53Z

An exploit can be realized by creating a file or directory with a specially crafted name. A user utilizing GNU Bash’s built-in path completion by hitting the Tab button (f.e. to remove it with rm) triggers the exploit without executing a command itself. The vulnerability has been introduced on the devel -branch in May 2015.

CVE-2017-5932 was just assigned for this particular vulnerability, which is fixed with patch level 7.

Bash for AOSC OS Core has been updated to patch level 12, which includes a fix for this particular security vulnerability - with commit f6105ba. Use AOSA-2017-0019 for this issue.

The text was updated successfully, but these errors were encountered:

MingcongBai added the security label Feb 8, 2017

MingcongBai added this to the Core 4.2 milestone Feb 8, 2017

MingcongBai closed this as completed Feb 8, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bash: security update to patch level 7 #49

bash: security update to patch level 7 #49

MingcongBai commented Feb 8, 2017

bash: security update to patch level 7 #49

bash: security update to patch level 7 #49

Comments

MingcongBai commented Feb 8, 2017