summaryrefslogtreecommitdiffstats
path: root/patches/source/bash/bash.CVE-2016-7543.bash43-048
diff options
context:
space:
mode:
Diffstat (limited to 'patches/source/bash/bash.CVE-2016-7543.bash43-048')
-rw-r--r--patches/source/bash/bash.CVE-2016-7543.bash43-04854
1 files changed, 54 insertions, 0 deletions
diff --git a/patches/source/bash/bash.CVE-2016-7543.bash43-048 b/patches/source/bash/bash.CVE-2016-7543.bash43-048
new file mode 100644
index 000000000..6a8588ec0
--- /dev/null
+++ b/patches/source/bash/bash.CVE-2016-7543.bash43-048
@@ -0,0 +1,54 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-048
+
+Bug-Reported-by: up201407890@alunos.dcc.fc.up.pt
+Bug-Reference-ID: <20151210201649.126444eionzfsam8@webmail.alunos.dcc.fc.up.pt>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2015-12/msg00054.html
+
+Bug-Description:
+
+If a malicious user can inject a value of $SHELLOPTS containing `xtrace'
+and a value for $PS4 that includes a command substitution into a shell
+running as root, bash will expand the command substitution as part of
+expanding $PS4 when it executes a traced command.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.3-patched/variables.c 2015-11-26 12:31:21.000000000 -0500
+--- variables.c 2015-12-23 10:19:01.000000000 -0500
+***************
+*** 496,500 ****
+ set_if_not ("PS2", secondary_prompt);
+ }
+! set_if_not ("PS4", "+ ");
+
+ /* Don't allow IFS to be imported from the environment. */
+--- 496,504 ----
+ set_if_not ("PS2", secondary_prompt);
+ }
+!
+! if (current_user.euid == 0)
+! bind_variable ("PS4", "+ ", 0);
+! else
+! set_if_not ("PS4", "+ ");
+
+ /* Don't allow IFS to be imported from the environment. */
+
+*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500
+--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 47
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 48
+
+ #endif /* _PATCHLEVEL_H_ */