From b1104ec130056866f3bdce51a3f77685b702fbde Mon Sep 17 00:00:00 2001 From: Siteshwar Vashisht Date: Fri, 30 Sep 2016 13:22:15 +0530 Subject: [PATCH] CVE-2016-7543: Fix for arbitrary code execution via SHELLOPTS+PS4 variables Resolves: #1379634 --- bash-4.4-cve-2016-7543.patch | 29 +++++++++++++++++++++++++++++ bash.spec | 11 ++++++++++- 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 bash-4.4-cve-2016-7543.patch diff --git a/bash-4.4-cve-2016-7543.patch b/bash-4.4-cve-2016-7543.patch new file mode 100644 index 0000000..cb7a6a0 --- /dev/null +++ b/bash-4.4-cve-2016-7543.patch @@ -0,0 +1,29 @@ +From f43310742819253bfa6add2dce406701bb8cc2bb Mon Sep 17 00:00:00 2001 +From: Siteshwar Vashisht +Date: Wed, 28 Sep 2016 18:33:55 +0530 +Subject: [PATCH] CVE-2016-7543: Patch imported from bash-4.4 + +--- + variables.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/variables.c b/variables.c +index ac587f3..ffd39e8 100644 +--- a/variables.c ++++ b/variables.c +@@ -496,7 +496,11 @@ initialize_shell_variables (env, privmode) + #endif + set_if_not ("PS2", secondary_prompt); + } +- set_if_not ("PS4", "+ "); ++ ++ if (current_user.euid == 0) ++ bind_variable ("PS4", "+ ", 0); ++ else ++ set_if_not ("PS4", "+ "); + + /* Don't allow IFS to be imported from the environment. */ + temp_var = bind_variable ("IFS", " \t\n", 0); +-- +2.5.5 + diff --git a/bash.spec b/bash.spec index af06209..cf7e3e8 100644 --- a/bash.spec +++ b/bash.spec @@ -8,7 +8,7 @@ Version: %{baseversion}%{patchleveltag} Name: bash Summary: The GNU Bourne Again shell -Release: 3%{?dist} +Release: 4%{?dist} Group: System Environment/Shells License: GPLv3+ Url: http://www.gnu.org/software/bash @@ -147,6 +147,10 @@ Patch140: bash-tilda-race-condition.patch # NOTE: This fix is already included in bash-4.4. Patch141: bash-4.3-cve-2016-0634.patch +#1379634- security fix CVE-2016-7543 (Specially crafted SHELLOPTS+PS4 variables allows command substitution) +# NOTE: This fix is already included in bash-4.4. +Patch142: bash-4.4-cve-2016-7543.patch + BuildRequires: texinfo bison BuildRequires: ncurses-devel BuildRequires: autoconf, gettext @@ -251,6 +255,7 @@ This package contains documentation files for %{name}. %patch139 -p1 -b .oldleak %patch140 -p1 -b .tilda_expansion %patch141 -p1 -b .cve-2016-0634 +%patch142 -p1 -b .cve-2016-7543 echo %{version} > _distribution echo %{release} > _patchlevel @@ -452,6 +457,10 @@ end %doc doc/*.ps doc/*.0 doc/*.html doc/article.txt %changelog +* Fri Sep 30 2016 Siteshwar Vashisht - 4.3.43-4 +- CVE-2016-7543: Fix for arbitrary code execution via SHELLOPTS+PS4 variables + Resolves: #1379634 + * Wed Sep 21 2016 David Kaspar [Dee'Kej] - 4.3.43-3 - CVE-2016-0634 - Fix for arbitrary code execution via malicious hostname Resolves: #1377614