{"affected":[{"ecosystem_specific":{"binaries":[{"ksh":"93vu-19.3.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Legacy 12","name":"ksh","purl":"pkg:rpm/suse/ksh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"93vu-19.3.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ksh-devel":"93vu-19.3.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP5","name":"ksh","purl":"pkg:rpm/suse/ksh&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"93vu-19.3.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ksh fixes the following issues:\n\n- CVE-2019-14868: Fixed code injection caused by environment variables being interpreted as arithmetic expressions on startup (bsc#1160796)\n    \nOther fixes:\n- do not use posix_spawn as it lacks proper job handling (bsc#1224057)\n- fix segfault in variable substitution (bsc#1129288)\n","id":"SUSE-SU-2024:2756-1","modified":"2024-08-05T19:57:56Z","published":"2024-08-05T19:57:56Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20242756-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1129288"},{"type":"REPORT","url":"https://bugzilla.suse.com/1160796"},{"type":"REPORT","url":"https://bugzilla.suse.com/1224057"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-14868"}],"related":["CVE-2019-14868"],"summary":"Security update for ksh","upstream":["CVE-2019-14868"]}