VYPR

rpm package

opensuse/bash&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/bash&distro=openSUSE%20Tumbleweed

Vulnerabilities (8)

  • CVE-2016-9401 | Med | Jan 23, 2017
    affected < 7.0-92.1 | fixed 7.0-92.1

    popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

  • CVE-2014-6278 | Hig | KEV | Sep 30, 2014
    affected < 7.0-92.1 | fixed 7.0-92.1

    GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH ssh

  • CVE-2014-7187 | Sep 28, 2014
    affected < 7.0-92.1 | fixed 7.0-92.1

    Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "w

  • CVE-2014-7186 | Sep 28, 2014
    affected < 7.0-92.1 | fixed 7.0-92.1

    The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack"

  • CVE-2014-6277 | Sep 27, 2014
    affected < 7.0-92.1 | fixed 7.0-92.1

    GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations)

  • CVE-2014-7169 | Cri | KEV | Sep 25, 2014
    affected < 7.0-92.1 | fixed 7.0-92.1

    GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vect

  • CVE-2014-6271 | Cri | KEV | Sep 24, 2014
    affected < 7.0-92.1 | fixed 7.0-92.1

    GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the

  • CVE-2014-2524 | Aug 20, 2014
    affected < 7.0-92.1 | fixed 7.0-92.1

    The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.