VYPR

rpm package

suse/bash&distro=SUSE Linux Enterprise Desktop 12 SP1

pkg:rpm/suse/bash&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1

Vulnerabilities (4)

  • CVE-2016-0634HigAug 28, 2017
    affected < 4.2-82.1fixed 4.2-82.1

    The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.

  • CVE-2016-7543HigJan 19, 2017
    affected < 4.2-82.1fixed 4.2-82.1

    Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

  • CVE-2014-6278HigKEVSep 30, 2014
    affected < 4.2-82.1fixed 4.2-82.1

    GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH ssh

  • CVE-2014-6277Sep 27, 2014
    affected < 4.2-82.1fixed 4.2-82.1

    GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations)