
[SECURITY] [DLA 1726-1] bash security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : bash
Version        : 4.3-11+deb8u2
CVE ID         : CVE-2016-9401 CVE-2019-9924

Two issues have been fixed in bash, the GNU Bourne-Again Shell:

CVE-2016-9401

    The popd builtin segfaulted when called with negative out of range
    offsets.

CVE-2019-9924

    Sylvain Beucler discovered that it was possible to call commands
    that contained a slash when in restricted mode (rbash) by adding
    them to the BASH_CMDS array.

For Debian 8 "Jessie", these problems have been fixed in version
4.3-11+deb8u2.

We recommend that you upgrade your bash packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

