ELA-96-1 bash security update

denial of service and restricted shell bypass

2019-03-25
Package: bash
Version: 4.2+dfsg-0.1+deb7u5
Related CVEs: CVE-2016-9401, CVE-2019-9924


Two issues have been fixed in bash, the GNU Bourne-Again Shell:

CVE-2016-9401

The popd builtin segfaulted when called with negative out-of-range
offsets.

CVE-2019-9924

Sylvain Beucler discovered that it was possible to call commands
that contained a slash when in restricted mode (rbash) by adding
them to the BASH_CMDS array.


For Debian 7 Wheezy, these problems have been fixed in version 4.2+dfsg-0.1+deb7u5.

We recommend that you upgrade your bash packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.