20272 – bash new security issue CVE-2017-5932

Bug 20272 - bash new security issue CVE-2017-5932

Summary: bash new security issue CVE-2017-5932

Status:	RESOLVED INVALID

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Shlomi Fish
QA Contact:	Sec team

URL:
Whiteboard:	MGA5TOO
Keywords:

Depends on:
Blocks:

Reported:	2017-02-12 17:02 CET by David Walser
Modified:	2017-05-02 15:47 CEST (History)
CC List:	2 users (show)

See Also:
Source RPM:	bash-4.3-48.2.1.mga5.src.rpm
CVE:	CVE-2017-5932
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2017-02-12 17:02:17 CET

A CVE has been assigned for a security issue fixed upstream in bash:
http://openwall.com/lists/oss-security/2017/02/08/3

Currently it has only been fixed in 4.4 and not 4.3 yet.

Mageia 5 is also affected.

David Walser 2017-02-12 17:02:35 CET

Whiteboard: (none) => MGA5TOO

Comment 1 Marja Van Waes 2017-02-13 11:36:45 CET

Assigning to the registered maintainer.

CC: (none) => marja11
Assignee: bugsquad => shlomif

Nicolas Lécureuil 2017-04-24 16:25:03 CEST

CVE: (none) => CVE-2017-5932
CC: (none) => mageia

Comment 2 Nicolas Lécureuil 2017-05-02 15:47:04 CEST

this bug is from version 4.4 so we are not afffected ( see https://github.com/jheyens/bash_completion_vuln/raw/master/2017-01-17.bash_completion_report.pdf )

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Note You need to log in before you can comment on or make changes to this bug.