Security update for bash SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:1337-1 Final 1 1 2017-05-18T10:24:30Z current 2017-05-18T10:24:30Z 2017-05-18T10:24:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bash This update for bash fixed several issues This security issue was fixed: - CVE-2016-9401: popd in bash might allowed local users to bypass the restricted shell and cause a use-after-free via a crafted address (bsc#1010845). This non-security issue was fixed: - Fix when HISTSIZE=0 and chattr +a .bash_history (bsc#1031729) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-bash-13111,slessp4-bash-13111 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20171337-1/ Link for SUSE-SU-2017:1337-1 https://lists.suse.com/pipermail/sle-security-updates/2017-May/002896.html E-Mail link for SUSE-SU-2017:1337-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1010845 SUSE Bug 1010845 https://bugzilla.suse.com/1031729 SUSE Bug 1031729 https://bugzilla.suse.com/976776 SUSE Bug 976776 https://www.suse.com/security/cve/CVE-2016-9401/ SUSE CVE CVE-2016-9401 page SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 libreadline5-5.2-147.35.1 readline-devel-5.2-147.35.1 readline-devel-32bit-5.2-147.35.1 bash-3.2-147.35.1 bash-doc-3.2-147.35.1 bash-x86-3.2-147.35.1 libreadline5-32bit-5.2-147.35.1 libreadline5-x86-5.2-147.35.1 readline-doc-5.2-147.35.1 bash-3.2-147.35.1 as a component of SUSE Linux Enterprise Server 11 SP4 bash-doc-3.2-147.35.1 as a component of SUSE Linux Enterprise Server 11 SP4 bash-x86-3.2-147.35.1 as a component of SUSE Linux Enterprise Server 11 SP4 libreadline5-5.2-147.35.1 as a component of SUSE Linux Enterprise Server 11 SP4 libreadline5-32bit-5.2-147.35.1 as a component of SUSE Linux Enterprise Server 11 SP4 libreadline5-x86-5.2-147.35.1 as a component of SUSE Linux Enterprise Server 11 SP4 readline-doc-5.2-147.35.1 as a component of SUSE Linux Enterprise Server 11 SP4 bash-3.2-147.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 bash-doc-3.2-147.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 bash-x86-3.2-147.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libreadline5-5.2-147.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libreadline5-32bit-5.2-147.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libreadline5-x86-5.2-147.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 readline-doc-5.2-147.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libreadline5-5.2-147.35.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 readline-devel-5.2-147.35.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 readline-devel-32bit-5.2-147.35.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. CVE-2016-9401 SUSE Linux Enterprise Server 11 SP4:bash-3.2-147.35.1 SUSE Linux Enterprise Server 11 SP4:bash-doc-3.2-147.35.1 SUSE Linux Enterprise Server 11 SP4:bash-x86-3.2-147.35.1 SUSE Linux Enterprise Server 11 SP4:libreadline5-32bit-5.2-147.35.1 SUSE Linux Enterprise Server 11 SP4:libreadline5-5.2-147.35.1 SUSE Linux Enterprise Server 11 SP4:libreadline5-x86-5.2-147.35.1 SUSE Linux Enterprise Server 11 SP4:readline-doc-5.2-147.35.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:bash-3.2-147.35.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:bash-doc-3.2-147.35.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:bash-x86-3.2-147.35.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libreadline5-32bit-5.2-147.35.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libreadline5-5.2-147.35.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libreadline5-x86-5.2-147.35.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:readline-doc-5.2-147.35.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libreadline5-5.2-147.35.1 SUSE Linux Enterprise Software Development Kit 11 SP4:readline-devel-32bit-5.2-147.35.1 SUSE Linux Enterprise Software Development Kit 11 SP4:readline-devel-5.2-147.35.1 moderate 3.3 AV:L/AC:M/Au:N/C:P/I:P/A:N 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20171337-1/ https://www.suse.com/security/cve/CVE-2016-9401.html CVE-2016-9401 https://bugzilla.suse.com/1010845 SUSE Bug 1010845 https://bugzilla.suse.com/1044328 SUSE Bug 1044328 https://bugzilla.suse.com/1123788 SUSE Bug 1123788 https://bugzilla.suse.com/1159416 SUSE Bug 1159416