Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in GNU Bash
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in GNU Bash
ID: USN-3294-1
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10, Ubuntu 17.04
Datum: Mi, 17. Mai 2017, 23:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5932
Applikationen: GNU Bash

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============2190155850009692265==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="scqj9PaQXjoRx6pALMikttmkjLcmFkKUR"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--scqj9PaQXjoRx6pALMikttmkjLcmFkKUR
Content-Type: multipart/mixed;
boundary="siIl6KVKR6FWdWQKtB3WS1wWmU1T0MusN"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <f3f6a164-e36d-6f71-6cc5-6fa2627b89e6@canonical.com>
Subject: [USN-3294-1] Bash vulnerabilities

--siIl6KVKR6FWdWQKtB3WS1wWmU1T0MusN
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3294-1
May 17, 2017

bash vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Bash.

Software Description:
- bash: GNU Bourne Again SHell

Details:

Bernd Dietzel discovered that Bash incorrectly expanded the hostname when
displaying the prompt. If a remote attacker were able to modify a hostname,
this flaw could be exploited to execute arbitrary code. This issue only
affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.
(CVE-2016-0634)

It was discovered that Bash incorrectly handled the SHELLOPTS and PS4
environment variables. A local attacker could use this issue to execute
arbitrary code with root privileges. This issue only affected Ubuntu 14.04
LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7543)

It was discovered that Bash incorrectly handled the popd command. A remote
attacker could possibly use this issue to bypass restricted shells.
(CVE-2016-9401)

It was discovered that Bash incorrectly handled path autocompletion. A
local attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 17.04. (CVE-2017-5932)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
bash 4.4-2ubuntu1.1

Ubuntu 16.10:
bash 4.3-15ubuntu1.1

Ubuntu 16.04 LTS:
bash 4.3-14ubuntu1.2

Ubuntu 14.04 LTS:
bash 4.3-7ubuntu1.7

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3294-1
CVE-2016-0634, CVE-2016-7543, CVE-2016-9401, CVE-2017-5932

Package Information:
https://launchpad.net/ubuntu/+source/bash/4.4-2ubuntu1.1
https://launchpad.net/ubuntu/+source/bash/4.3-15ubuntu1.1
https://launchpad.net/ubuntu/+source/bash/4.3-14ubuntu1.2
https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.7



--siIl6KVKR6FWdWQKtB3WS1wWmU1T0MusN--

--scqj9PaQXjoRx6pALMikttmkjLcmFkKUR
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJZHIbPAAoJEGVp2FWnRL6T1doQAJRrw4DFfTHJEAVY+5Q9EM3h
UQINMaKQOAkWXdEX94cSILvPmQjGUPFBJ9NSVJT/4ShKlXg3Umb8zpCoJOA1hraL
6kfkbhZX5hw5JptUbkDrL/6v7z2BDZp4o/PGnFQH3T2yLJg0ZdoppLbidmutyBc8
hnvpbYGBc1os2bVB0pI9YJsPdlRZDneSHqo6759Pi9UuuDjERyR1aLiigctVkQzZ
shPjfsLJc5PaNXMd4EbX+KE3xTAbrvJXeQ+AwZr8DIKa5Z9FxD2A8ginE1fHufcN
XDDJ+URLTZEnyPkGtqetsJAMO1Wcu6MdfrOiilrdPnWN4rsQPxidB2oAr3DaaO/2
dVj3ieQXKw9nxj2Ei69Zgwmx0pGK0XnhB65ToUbSis5Zs/wVU4kV0tWMGSB9Thv3
SR7R5lThNxcCo+UD7bIvU1Bn+6cvS9qZfJnY7+pCZzXLHOe2pEoq6CRdGsHyVJTD
4cP1+L52NWz9kbUQH+d4CvQX69fWYKQp4KtSyBuTUpBrPzn2LkhGSfAlBOvmxxat
XRgw7fEd9h2NEUJD3vtSa7okD06AEkQ3LIaroxgV2RErW2UWqrzlROZ71m/IdcpP
nT+mtwHHJIyA71H77SVBOioHyvQTDRtdZnGUz5pAwNAoGM0Oz2Fq9KvjqcN/tzMR
nRSrzWNjoI66uQIvDBff
=Dodn
-----END PGP SIGNATURE-----

--scqj9PaQXjoRx6pALMikttmkjLcmFkKUR--


--===============2190155850009692265==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============2190155850009692265==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung