AOSA-2017-0019: UPDATE BASH

FEBRUARY 8, 2017

Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program. – Linus Torvalds

Please update your bash package to version 4.4.12.

Patch level 7, which corresponds to version 4.4.7 of Bash, addressed a security issue described as follows:

“An exploit can be realized by creating a file or directory with a specially crafted name. A user utilizing GNU Bash’s built-in path completion by hitting the Tab button (f.e. to remove it with rm) triggers the exploit without executing a command itself. The vulnerability has been introduced on the devel-branch in May 2015.”

The issue was consequently assigned CVE-2017-5932.
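One way to check a host against the version thresholds stated above, as an added example that is not part of the original advisory. The function name and status labels are hypothetical, and it assumes every 4.4 release below patch level 7 is affected while making no claim about other release series.

```bash
#!/usr/bin/env bash
# Added example: classify a Bash version string against this advisory.
# Thresholds taken from the advisory text: fix at 4.4 patch level 7,
# recommended version 4.4.12.
# Assumption: all 4.4 releases below patch level 7 are treated as affected;
# other release series are reported as "not-covered" because the advisory
# says nothing about them.

classify_bash_version() {
    # Accepts strings such as "4.4.5(1)-release" or "4.4.12".
    local ver major minor patch rest n
    ver=${1%%[!0-9.]*}              # drop "(1)-release" and similar suffixes
    case $ver in
        *.*) ;;
        *) echo "unparseable"; return 2 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;             # "4.4" with no patch level means patch 0
    esac
    # Reject empty or non-numeric components such as "4..5" or "4.4."
    for n in "$major" "$minor" "$patch"; do
        case $n in
            ''|*[!0-9]*) echo "unparseable"; return 2 ;;
        esac
    done
    if [ "$major" -ne 4 ] || [ "$minor" -ne 4 ]; then
        echo "not-covered"
    elif [ "$patch" -lt 7 ]; then
        echo "affected"             # predates the fix at patch level 7
    elif [ "$patch" -lt 12 ]; then
        echo "fixed-but-outdated"   # has the fix, below the advised 4.4.12
    else
        echo "ok"
    fi
}

# Report on the shell running this script (Bash sets BASH_VERSION itself).
if [ -n "${BASH_VERSION:-}" ]; then
    echo "this shell: $BASH_VERSION -> $(classify_bash_version "$BASH_VERSION")"
fi
```

The script reports on the Bash that executes it, so run it with the interpreter you want to audit, or pass the string printed by that binary's `--version` output to the function.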

Relevant documentation:
