<= Back

AOSA-2017-0019: Update Bash

February 8, 2017

Please update your bash package to version 4.4.12.

At patch level 7, which would be version 4.4.7 of Bash, a security issue was addressed that:

"An exploit can be realized by creating a file or directory with a specially crafted name. A user utilizing GNU Bash’s built-in path completion by hitting the Tab button (f.e. to remove it with rm) triggers the exploit without executing a command itself. The vulnerability has been introduced on the devel-branch in May 2015."

And was consequently assigned CVE-2017-5932.

Relevant documentation:

Copyleft 2011–2024, Members of the Community   |   Site Language