This bug was fixed in the package bash - 4.3-15ubuntu1.1
---------------
bash (4.3-15ubuntu1.1) yakkety-security; urgency=medium
* SECURITY UPDATE: word expansions on the prompt strings (LP: #1507025)
- debian/patches/bash43-047.diff: add quoting to parse.y, y.tab.c.
- CVE-2016-0634
* SECURITY UPDATE: code execution via crafted SHELLOPTS and PS4
(LP: #1689304)
- debian/patches/bash43-048.diff: check for root in variables.c.
- CVE-2016-7543
* SECURITY UPDATE: restricted shell bypass via use-after-free
- debian/patches/bash44-006.diff: check for negative offsets in
builtins/pushd.def.
- CVE-2016-9401
-- Marc Deslauriers <marc.deslauri...@ubuntu.com> Tue, 16 May 2017
07:44:56 -0400
** Changed in: bash (Ubuntu)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7543
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-9401
** Changed in: bash (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1507025
Title:
Shell Command Injection with the hostname
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
