CVE-2016-7543: Fix for arbitrary code execution via SHELLOPTS+PS4 variables

Resolves: #1379634
This commit is contained in:
Siteshwar Vashisht 2016-09-30 13:22:15 +05:30
parent d430777020
commit b1104ec130
2 changed files with 39 additions and 1 deletions

View File

@ -0,0 +1,29 @@
From f43310742819253bfa6add2dce406701bb8cc2bb Mon Sep 17 00:00:00 2001
From: Siteshwar Vashisht <svashisht@redhat.com>
Date: Wed, 28 Sep 2016 18:33:55 +0530
Subject: [PATCH] CVE-2016-7543: Patch imported from bash-4.4
---
variables.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/variables.c b/variables.c
index ac587f3..ffd39e8 100644
--- a/variables.c
+++ b/variables.c
@@ -496,7 +496,11 @@ initialize_shell_variables (env, privmode)
#endif
set_if_not ("PS2", secondary_prompt);
}
- set_if_not ("PS4", "+ ");
+
+ if (current_user.euid == 0)
+ bind_variable ("PS4", "+ ", 0);
+ else
+ set_if_not ("PS4", "+ ");
/* Don't allow IFS to be imported from the environment. */
temp_var = bind_variable ("IFS", " \t\n", 0);
--
2.5.5

View File

@ -8,7 +8,7 @@
Version: %{baseversion}%{patchleveltag}
Name: bash
Summary: The GNU Bourne Again shell
Release: 3%{?dist}
Release: 4%{?dist}
Group: System Environment/Shells
License: GPLv3+
Url: http://www.gnu.org/software/bash
@ -147,6 +147,10 @@ Patch140: bash-tilda-race-condition.patch
# NOTE: This fix is already included in bash-4.4.
Patch141: bash-4.3-cve-2016-0634.patch
#1379634- security fix CVE-2016-7543 (Specially crafted SHELLOPTS+PS4 variables allows command substitution)
# NOTE: This fix is already included in bash-4.4.
Patch142: bash-4.4-cve-2016-7543.patch
BuildRequires: texinfo bison
BuildRequires: ncurses-devel
BuildRequires: autoconf, gettext
@ -251,6 +255,7 @@ This package contains documentation files for %{name}.
%patch139 -p1 -b .oldleak
%patch140 -p1 -b .tilda_expansion
%patch141 -p1 -b .cve-2016-0634
%patch142 -p1 -b .cve-2016-7543
echo %{version} > _distribution
echo %{release} > _patchlevel
@ -452,6 +457,10 @@ end
%doc doc/*.ps doc/*.0 doc/*.html doc/article.txt
%changelog
* Fri Sep 30 2016 Siteshwar Vashisht <svashisht@redhat.com> - 4.3.43-4
- CVE-2016-7543: Fix for arbitrary code execution via SHELLOPTS+PS4 variables
Resolves: #1379634
* Wed Sep 21 2016 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 4.3.43-3
- CVE-2016-0634 - Fix for arbitrary code execution via malicious hostname
Resolves: #1377614