Information on source package bash

Available versions

ReleaseVersion
wheezy4.2+dfsg-0.1+deb7u3
wheezy (security)4.2+dfsg-0.1+deb7u4
jessie4.3-11+deb8u1
stretch4.4-5
sid4.4-5

Open issues

BugwheezyjessiestretchsidDescription
CVE-2016-9401vulnerable (no DSA)vulnerable (no DSA)fixedfixedpopd in bash might allow local users to bypass the restricted shell ...

Open unimportant issues

BugwheezyjessiestretchsidDescription
TEMP-0841856-B18BAFvulnerablevulnerablevulnerablevulnerablePrivilege escalation possible to other user than root
CVE-2016-0634vulnerablefixedfixedfixedbash prompt expanding return value from gethostname()

Resolved issues

BugDescription
CVE-2017-5932The path autocompletion feature in Bash 4.4 allows local users to gain ...
CVE-2016-7543Bash before 4.4 allows local users to execute arbitrary commands with ...
CVE-2014-7187Off-by-one error in the read_token_word function in parse.y in GNU ...
CVE-2014-7186The redirection implementation in parse.y in GNU Bash through 4.3 ...
CVE-2014-7169GNU Bash through 4.3 bash43-025 processes trailing strings after ...
CVE-2014-6278GNU Bash through 4.3 bash43-026 does not properly parse function ...
CVE-2014-6277GNU Bash through 4.3 bash43-026 does not properly parse function ...
CVE-2014-6271GNU Bash through 4.3 processes trailing strings after function ...
CVE-2012-3410Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 ...
CVE-2010-0002The /etc/profile.d/60alias.sh script in the Mandriva bash package for ...
CVE-2008-5374bash-doc 3.2 allows local users to overwrite arbitrary files via a ...

Security announcements

DSA / DLADescription
DLA-680-2bash - version number correction
DLA-680-1bash - security update
DLA-63-1bash - security update
DSA-3035-1bash - security update
DSA-3032-1bash - security update
DLA-59-1bash - security update

Search for package or bug name: Reporting problems