Security update for bash SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1402-1 Final 1 1 2017-05-24T15:27:27Z current 2017-05-24T15:27:27Z 2017-05-24T15:27:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bash This update for bash fixes an issue that could lead to syntax errors when parsing scripts that use expr(1) inside loops. Additionally, the popd build-in now ensures that the normalized stack offset is within bounds before trying to free that stack entry. This fixes a segmentation fault. This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-05/msg00082.html E-Mail link for openSUSE-SU-2017:1402-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 bash-4.3-80.3.1 bash-devel-4.3-80.3.1 bash-doc-4.3-80.3.1 bash-lang-4.3-80.3.1 bash-loadables-4.3-80.3.1 libreadline6-6.3-80.3.1 libreadline6-32bit-6.3-80.3.1 readline-devel-6.3-80.3.1 readline-devel-32bit-6.3-80.3.1 readline-doc-6.3-80.3.1 bash-4.3-80.3.1 as a component of openSUSE Leap 42.2 bash-devel-4.3-80.3.1 as a component of openSUSE Leap 42.2 bash-doc-4.3-80.3.1 as a component of openSUSE Leap 42.2 bash-lang-4.3-80.3.1 as a component of openSUSE Leap 42.2 bash-loadables-4.3-80.3.1 as a component of openSUSE Leap 42.2 libreadline6-6.3-80.3.1 as a component of openSUSE Leap 42.2 libreadline6-32bit-6.3-80.3.1 as a component of openSUSE Leap 42.2 readline-devel-6.3-80.3.1 as a component of openSUSE Leap 42.2 readline-devel-32bit-6.3-80.3.1 as a component of openSUSE Leap 42.2 readline-doc-6.3-80.3.1 as a component of openSUSE Leap 42.2 popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. CVE-2016-9401 openSUSE Leap 42.2:bash-4.3-80.3.1 openSUSE Leap 42.2:bash-devel-4.3-80.3.1 openSUSE Leap 42.2:bash-doc-4.3-80.3.1 openSUSE Leap 42.2:bash-lang-4.3-80.3.1 openSUSE Leap 42.2:bash-loadables-4.3-80.3.1 openSUSE Leap 42.2:libreadline6-32bit-6.3-80.3.1 openSUSE Leap 42.2:libreadline6-6.3-80.3.1 openSUSE Leap 42.2:readline-devel-32bit-6.3-80.3.1 openSUSE Leap 42.2:readline-devel-6.3-80.3.1 openSUSE Leap 42.2:readline-doc-6.3-80.3.1 moderate 3.3 AV:L/AC:M/Au:N/C:P/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00082.html https://www.suse.com/security/cve/CVE-2016-9401.html CVE-2016-9401 https://bugzilla.suse.com/1010845 SUSE Bug 1010845 https://bugzilla.suse.com/1123788 SUSE Bug 1123788 https://bugzilla.suse.com/1159416 SUSE Bug 1159416