A CVE has been assigned for a security issue in bash: http://openwall.com/lists/oss-security/2016/11/17/9 I don't know if a fix is available yet.
Depends on: (none) => 19462
Whiteboard: (none) => MGA5TOO
no fix is available yet.
CC: (none) => mageia
(In reply to Nicolas Lécureuil from comment #1)
> no fix is available yet.
Already assigning to the maintainer, though
CC: (none) => marja11
Assignee: bugsquad => shlomif
Status: NEW => ASSIGNED
Gentoo has issued an advisory for this on January 1: https://security.gentoo.org/glsa/201701-02 They added this patch: https://gitweb.gentoo.org/repo/gentoo.git/plain/app-shells/bash/files/bash-4.4-popd-offset-overflow.patch?id=1bf1ceeb04a2f57e1e5e1636a8c288c4d0db6682
URL: (none) => https://lwn.net/Vulnerabilities/710484/
(In reply to David Walser from comment #3)
> Gentoo has issued an advisory for this on January 1:
> https://security.gentoo.org/glsa/201701-02
>
> They added this patch:
> https://gitweb.gentoo.org/repo/gentoo.git/plain/app-shells/bash/files/bash-4.4-popd-offset-overflow.patch?id=1bf1ceeb04a2f57e1e5e1636a8c288c4d0db6682
Thanks, David!
I updated it in Cauldron in bash-4.3-48.3 which is currently scheduled for building at http://pkgsubmit.mageia.org/ and I'm going to tackle mga v5 next.
(In reply to Shlomi Fish from comment #4)
> (In reply to David Walser from comment #3)
> > Gentoo has issued an advisory for this on January 1:
> > https://security.gentoo.org/glsa/201701-02
> >
> > They added this patch:
> > https://gitweb.gentoo.org/repo/gentoo.git/plain/app-shells/bash/files/bash-4.4-popd-offset-overflow.patch?id=1bf1ceeb04a2f57e1e5e1636a8c288c4d0db6682
>
> Thanks, David!
>
> I updated it in Cauldron in bash-4.3-48.3 which is currently scheduled for
> building at http://pkgsubmit.mageia.org/ and I'm going to tackle mga v5 next.
bash update 4.3-48.2.1 was pushed to mgav5 core/updates_testing. Someone needs to prepare an advisory.
Version: Cauldron => 5
Assignee: shlomif => qa-bugs
Whiteboard: MGA5TOO => (none)
Advisory:
========================
Updated bash packages fix security vulnerability:
In Bash, the popd command can be tricked to free a user supplied address, which could be used to bypass restricted shells (rsh) on some environments to cause use-after-free (CVE-2016-9401).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9401
http://openwall.com/lists/oss-security/2016/11/17/9
https://security.gentoo.org/glsa/201701-02
Tested on x86_64. Tried the command posted at http://openwall.com/lists/oss-security/2016/11/17/9
$ popd +-111111
Segmentation fault
Updated bash from core updates testing and tried again:
$ popd +-111111
bash: popd: directory stack empty
Probably safe to assume that this means that the patch is successful.
CC: (none) => tarazed25
Whiteboard: (none) => MGA5-64-OK
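The before/after popd test from the comment above can be scripted so that every tester gets the same verdict from the child's exit status. This is an added example, not part of the original bug thread; the function names `classify_status` and `check_popd_offset` are hypothetical.

```shell
#!/bin/sh
# Added example: regression check for the popd offset crash (CVE-2016-9401).
# It runs the command from the oss-security post in a child bash and
# classifies the child's exit status. Function names are hypothetical.

# Map an exit status to a verdict. A shell reports a child killed by
# signal N as status 128+N, so SIGSEGV (11) shows up as 139.
classify_status() {
    status=$1
    if [ "$status" -gt 128 ]; then
        echo "crash (signal $((status - 128)))"
    elif [ "$status" -eq 126 ] || [ "$status" -eq 127 ]; then
        echo "not runnable"
    elif [ "$status" -eq 0 ]; then
        echo "unexpected success"
    else
        echo "handled"
    fi
}

# check_popd_offset [path-to-bash]
# Returns 0 only when the builtin rejects the offset with an ordinary error.
check_popd_offset() {
    target=${1:-bash}
    status=0
    # Run in a child process so a crash cannot take down the calling shell;
    # "|| status=$?" keeps the check usable under "set -e".
    msg=$("$target" -c 'popd +-111111' 2>&1) || status=$?
    verdict=$(classify_status "$status")
    printf '%s: %s (exit %s)\n' "$target" "$verdict" "$status"
    [ -n "$msg" ] && printf '  output: %s\n' "$msg"
    [ "$verdict" = "handled" ]
}

# Stand-alone use: sh check_popd.sh /bin/bash
if [ "$#" -gt 0 ]; then
    check_popd_offset "$1"
fi
```

Run it once against the installed bash and once after installing the package from updates_testing; a "crash" verdict before and "handled" after matches the results reported in this thread.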
Ran the popd test on i586 virtualbox before and after the bash update and found the same results as for 64-bits. This can be validated.
Keywords: (none) => validated_update
Whiteboard: MGA5-64-OK => MGA5-64-OK MGA5-32-OK
CC: (none) => sysadmin-bugs
Whiteboard: MGA5-64-OK MGA5-32-OK => MGA5-64-OK MGA5-32-OK has_procedure
Advisoried from comments 5 & 6.
CC: (none) => lewyssmith
Whiteboard: MGA5-64-OK MGA5-32-OK has_procedure => MGA5-64-OK MGA5-32-OK has_procedure advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0005.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED