[v2.5] bash: security feature bypassed
A bug was reported in bash up to 4.3. In some circumstances the bash
security feature could be bypassed allowing the bash to be a valid
target shell in an attack.
The bug has not been fixed by developers. However a patch exists.
http://seclists.org/bugtraq/2014/Jun/28
COMMIT: http://hmarco.org/bugs/bash\_4.3-setuid-bug.html
(from redmine: issue id 2991, created on 2014-06-05, closed on 2014-06-19)
- Relations:
- parent #2990 (closed)
- Changesets:
- Revision 53d049ee by Natanael Copa on 2014-06-17T12:01:39Z:
main/bash: fix setuid bug
ref #2990
fixes #2991
(cherry picked from commit 883b411c85593d30f2296a157a733aa799c32828)
Conflicts:
main/bash/APKBUILD