diff options
Diffstat (limited to 'patches/source/bash/bash.CVE-2016-7543.bash43-048')
-rw-r--r-- | patches/source/bash/bash.CVE-2016-7543.bash43-048 | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/patches/source/bash/bash.CVE-2016-7543.bash43-048 b/patches/source/bash/bash.CVE-2016-7543.bash43-048 new file mode 100644 index 00000000..6a8588ec --- /dev/null +++ b/patches/source/bash/bash.CVE-2016-7543.bash43-048 @@ -0,0 +1,54 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 4.3 +Patch-ID: bash43-048 + +Bug-Reported-by: up201407890@alunos.dcc.fc.up.pt +Bug-Reference-ID: <20151210201649.126444eionzfsam8@webmail.alunos.dcc.fc.up.pt> +Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2015-12/msg00054.html + +Bug-Description: + +If a malicious user can inject a value of $SHELLOPTS containing `xtrace' +and a value for $PS4 that includes a command substitution into a shell +running as root, bash will expand the command substitution as part of +expanding $PS4 when it executes a traced command. + +Patch (apply with `patch -p0'): + +*** ../bash-4.3-patched/variables.c 2015-11-26 12:31:21.000000000 -0500 +--- variables.c 2015-12-23 10:19:01.000000000 -0500 +*************** +*** 496,500 **** + set_if_not ("PS2", secondary_prompt); + } +! set_if_not ("PS4", "+ "); + + /* Don't allow IFS to be imported from the environment. */ +--- 496,504 ---- + set_if_not ("PS2", secondary_prompt); + } +! +! if (current_user.euid == 0) +! bind_variable ("PS4", "+ ", 0); +! else +! set_if_not ("PS4", "+ "); + + /* Don't allow IFS to be imported from the environment. */ + +*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 +--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 47 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 48 + + #endif /* _PATCHLEVEL_H_ */ |