You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa bash

Sigurnosni nedostaci programskog paketa bash

==========================================================================
Ubuntu Security Notice USN-3294-1
May 17, 2017

bash vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.04
– Ubuntu 16.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Bash.

Software Description:
– bash: GNU Bourne Again SHell

Details:

Bernd Dietzel discovered that Bash incorrectly expanded the hostname when
displaying the prompt. If a remote attacker were able to modify a hostname,
this flaw could be exploited to execute arbitrary code. This issue only
affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.
(CVE-2016-0634)

It was discovered that Bash incorrectly handled the SHELLOPTS and PS4
environment variables. A local attacker could use this issue to execute
arbitrary code with root privileges. This issue only affected Ubuntu 14.04
LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7543)

It was discovered that Bash incorrectly handled the popd command. A remote
attacker could possibly use this issue to bypass restricted shells.
(CVE-2016-9401)

It was discovered that Bash incorrectly handled path autocompletion. A
local attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 17.04. (CVE-2017-5932)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
bash 4.4-2ubuntu1.1

Ubuntu 16.10:
bash 4.3-15ubuntu1.1

Ubuntu 16.04 LTS:
bash 4.3-14ubuntu1.2

Ubuntu 14.04 LTS:
bash 4.3-7ubuntu1.7

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3294-1
CVE-2016-0634, CVE-2016-7543, CVE-2016-9401, CVE-2017-5932

Package Information:
https://launchpad.net/ubuntu/+source/bash/4.4-2ubuntu1.1
https://launchpad.net/ubuntu/+source/bash/4.3-15ubuntu1.1
https://launchpad.net/ubuntu/+source/bash/4.3-14ubuntu1.2
https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.7

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJZHIbPAAoJEGVp2FWnRL6T1doQAJRrw4DFfTHJEAVY+5Q9EM3h
UQINMaKQOAkWXdEX94cSILvPmQjGUPFBJ9NSVJT/4ShKlXg3Umb8zpCoJOA1hraL
6kfkbhZX5hw5JptUbkDrL/6v7z2BDZp4o/PGnFQH3T2yLJg0ZdoppLbidmutyBc8
hnvpbYGBc1os2bVB0pI9YJsPdlRZDneSHqo6759Pi9UuuDjERyR1aLiigctVkQzZ
shPjfsLJc5PaNXMd4EbX+KE3xTAbrvJXeQ+AwZr8DIKa5Z9FxD2A8ginE1fHufcN
XDDJ+URLTZEnyPkGtqetsJAMO1Wcu6MdfrOiilrdPnWN4rsQPxidB2oAr3DaaO/2
dVj3ieQXKw9nxj2Ei69Zgwmx0pGK0XnhB65ToUbSis5Zs/wVU4kV0tWMGSB9Thv3
SR7R5lThNxcCo+UD7bIvU1Bn+6cvS9qZfJnY7+pCZzXLHOe2pEoq6CRdGsHyVJTD
4cP1+L52NWz9kbUQH+d4CvQX69fWYKQp4KtSyBuTUpBrPzn2LkhGSfAlBOvmxxat
XRgw7fEd9h2NEUJD3vtSa7okD06AEkQ3LIaroxgV2RErW2UWqrzlROZ71m/IdcpP
nT+mtwHHJIyA71H77SVBOioHyvQTDRtdZnGUz5pAwNAoGM0Oz2Fq9KvjqcN/tzMR
nRSrzWNjoI66uQIvDBff
=Dodn
—–END PGP SIGNATURE—–

Top
More in Preporuke
Nadogradnja za WordPress

Otkriveno je nekoliko ranjivosti u popularnom CMS-u WordPress. Potencijalni udaljeni napadači ranjivosti bi mogli zloupotrijebiti za preusmjeravanje na zlonamjerna web...

Close