OVAL Reference oval:org.opensuse.security:def:57299

Oval Definition:

oval:org.opensuse.security:def:57299

Revision Date:	2020-12-01	Version:	1
Title:	Security update for bash
Description:	The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances (CVE-2014-7169). Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 and is less serious due to the special, non-default system configuration that is needed to create an exploitable situation. To remove further exploitation potential we now limit the function-in-environment variable to variables prefixed with BASH_FUNC_. This hardening feature is work in progress and might be improved in later updates. Additionally, two other security issues have been fixed: * CVE-2014-7186: Nested HERE documents could lead to a crash of bash. * CVE-2014-7187: Nesting of for loops could lead to a crash of bash. Security Issues: * CVE-2014-7169 * CVE-2014-7186 * CVE-2014-7187
Family:	unix	Class:	patch
Status:		Reference(s):	1012102 1012103 1012104 1013653 1013655 1013663 1027282 1027519 1028075 1033091 1034870 1034872 1034876 1036976 1036977 1036978 1036980 1036981 1036982 1036983 1036984 1036985 1036986 1036987 1036988 1036989 1036990 1036991 1037527 1038000 1040025 1040303 1040304 1040306 1040332 1041090 1042670 1049692 1050459 1054285 1068032 1073269 1073748 1078326 1078485 1081750 1084650 1086001 1087082 1087083 1096141 1100147 1103098 1107832 1108963 1110233 1111331 1130680 1135715 1136085 1148931 1149792 1150733 1153830 1155094 1159035 1159723 1159729 1162224 1162367 1162825 1164825 1165894 1170411 1171561 1171928 864364 898346 898603 898604 945401 CVE-2012-3547 CVE-2013-6493 CVE-2014-2015 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 CVE-2017-13720 CVE-2017-13722 CVE-2017-5715 CVE-2017-5753 CVE-2017-6502 CVE-2017-7606 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8356 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-14633 CVE-2018-14634 CVE-2018-17182 CVE-2018-20815 CVE-2018-3639 CVE-2018-3640 CVE-2018-5391 CVE-2019-0221 CVE-2019-11091 CVE-2019-12418 CVE-2019-17563 CVE-2019-17569 CVE-2019-18348 CVE-2019-3689 CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-9674 CVE-2020-8492 CVE-2020-9484 SUSE-SU-2016:3303-1 SUSE-SU-2017:1489-1 SUSE-SU-2018:0114-1 SUSE-SU-2018:0334-1 SUSE-SU-2018:1935-1 SUSE-SU-2019:1349-1 SUSE-SU-2019:2345-2 SUSE-SU-2019:2771-1 SUSE-SU-2020:1497-1 SUSE-SU-2020:1524-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information NetworkManager-applet-1.8.10-lp150.3 is installed OR NetworkManager-applet-lang-1.8.10-lp150.3 is installed OR NetworkManager-connection-editor-1.8.10-lp150.3 is installed OR libnm-gtk0-1.8.10-lp150.3 is installed OR libnma0-1.8.10-lp150.3 is installed OR nma-data-1.8.10-lp150.3 is installed OR typelib-1_0-NMGtk-1_0-1.8.10-lp150.3 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information libecpg6-10.9-lp151.2.3 is installed OR libecpg6-32bit-10.9-lp151.2.3 is installed OR libpq5-10.9-lp151.2.3 is installed OR libpq5-32bit-10.9-lp151.2.3 is installed OR postgresql10-10.9-lp151.2.3 is installed OR postgresql10-contrib-10.9-lp151.2.3 is installed OR postgresql10-devel-10.9-lp151.2.3 is installed OR postgresql10-docs-10.9-lp151.2.3 is installed OR postgresql10-plperl-10.9-lp151.2.3 is installed OR postgresql10-plpython-10.9-lp151.2.3 is installed OR postgresql10-pltcl-10.9-lp151.2.3 is installed OR postgresql10-server-10.9-lp151.2.3 is installed OR postgresql10-test-10.9-lp151.2.3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information bash-3.2-147.22 is installed OR bash-doc-3.2-147.22 is installed OR libreadline5-5.2-147.22 is installed OR libreadline5-32bit-5.2-147.22 is installed OR readline-doc-5.2-147.22 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_85-default-8-2 is installed OR kgraft-patch-3_12_74-60_64_85-xen-8-2 is installed OR kgraft-patch-SLE12-SP1_Update_26-8-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information freeradius-server-3.0.3-10 is installed OR freeradius-server-doc-3.0.3-10 is installed OR freeradius-server-krb5-3.0.3-10 is installed OR freeradius-server-ldap-3.0.3-10 is installed OR freeradius-server-libs-3.0.3-10 is installed OR freeradius-server-mysql-3.0.3-10 is installed OR freeradius-server-perl-3.0.3-10 is installed OR freeradius-server-postgresql-3.0.3-10 is installed OR freeradius-server-python-3.0.3-10 is installed OR freeradius-server-sqlite-3.0.3-10 is installed OR freeradius-server-utils-3.0.3-10 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information ntp-4.2.8p11-64.5 is installed OR ntp-doc-4.2.8p11-64.5 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information libvirt-2.0.0-27.45 is installed OR libvirt-client-2.0.0-27.45 is installed OR libvirt-daemon-2.0.0-27.45 is installed OR libvirt-daemon-config-network-2.0.0-27.45 is installed OR libvirt-daemon-config-nwfilter-2.0.0-27.45 is installed OR libvirt-daemon-driver-interface-2.0.0-27.45 is installed OR libvirt-daemon-driver-libxl-2.0.0-27.45 is installed OR libvirt-daemon-driver-lxc-2.0.0-27.45 is installed OR libvirt-daemon-driver-network-2.0.0-27.45 is installed OR libvirt-daemon-driver-nodedev-2.0.0-27.45 is installed OR libvirt-daemon-driver-nwfilter-2.0.0-27.45 is installed OR libvirt-daemon-driver-qemu-2.0.0-27.45 is installed OR libvirt-daemon-driver-secret-2.0.0-27.45 is installed OR libvirt-daemon-driver-storage-2.0.0-27.45 is installed OR libvirt-daemon-hooks-2.0.0-27.45 is installed OR libvirt-daemon-lxc-2.0.0-27.45 is installed OR libvirt-daemon-qemu-2.0.0-27.45 is installed OR libvirt-daemon-xen-2.0.0-27.45 is installed OR libvirt-doc-2.0.0-27.45 is installed OR libvirt-lock-sanlock-2.0.0-27.45 is installed OR libvirt-nss-2.0.0-27.45 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_121-92_80-default-7-2 is installed OR kgraft-patch-SLE12-SP2_Update_22-7-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND dosfstools-3.0.26-6 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libdcerpc-binding0-4.6.16+git.169.064abe062be-3.46 is installed OR libdcerpc-binding0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libdcerpc0-4.6.16+git.169.064abe062be-3.46 is installed OR libdcerpc0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libndr-krb5pac0-4.6.16+git.169.064abe062be-3.46 is installed OR libndr-krb5pac0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libndr-nbt0-4.6.16+git.169.064abe062be-3.46 is installed OR libndr-nbt0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libndr-standard0-4.6.16+git.169.064abe062be-3.46 is installed OR libndr-standard0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libndr0-4.6.16+git.169.064abe062be-3.46 is installed OR libndr0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libnetapi0-4.6.16+git.169.064abe062be-3.46 is installed OR libnetapi0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-credentials0-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-credentials0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-errors0-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-errors0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-hostconfig0-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-hostconfig0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-passdb0-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-passdb0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-util0-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-util0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libsamdb0-4.6.16+git.169.064abe062be-3.46 is installed OR libsamdb0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libsmbclient0-4.6.16+git.169.064abe062be-3.46 is installed OR libsmbclient0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libsmbconf0-4.6.16+git.169.064abe062be-3.46 is installed OR libsmbconf0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libsmbldap0-4.6.16+git.169.064abe062be-3.46 is installed OR libsmbldap0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libtevent-util0-4.6.16+git.169.064abe062be-3.46 is installed OR libtevent-util0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libwbclient0-4.6.16+git.169.064abe062be-3.46 is installed OR libwbclient0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR samba-4.6.16+git.169.064abe062be-3.46 is installed OR samba-client-4.6.16+git.169.064abe062be-3.46 is installed OR samba-client-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR samba-doc-4.6.16+git.169.064abe062be-3.46 is installed OR samba-libs-4.6.16+git.169.064abe062be-3.46 is installed OR samba-libs-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR samba-winbind-4.6.16+git.169.064abe062be-3.46 is installed OR samba-winbind-32bit-4.6.16+git.169.064abe062be-3.46 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information libgcrypt-1.6.1-16.68 is installed OR libgcrypt20-1.6.1-16.68 is installed OR libgcrypt20-32bit-1.6.1-16.68 is installed OR libgcrypt20-hmac-1.6.1-16.68 is installed OR libgcrypt20-hmac-32bit-1.6.1-16.68 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information liblouis-2.6.4-6.6 is installed OR liblouis-data-2.6.4-6.6 is installed OR liblouis9-2.6.4-6.6 is installed OR python-louis-2.6.4-6.6 is installed OR python3-louis-2.6.4-6.6 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information java-1_8_0-ibm-1.8.0_sr5.30-30.46 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr5.30-30.46 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr5.30-30.46 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND ucode-intel-20180703-13.25 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND Package Information perl-5.18.2-12.20 is installed OR perl-32bit-5.18.2-12.20 is installed OR perl-base-5.18.2-12.20 is installed OR perl-doc-5.18.2-12.20 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information dovecot22-2.2.31-19.17 is installed OR dovecot22-backend-mysql-2.2.31-19.17 is installed OR dovecot22-backend-pgsql-2.2.31-19.17 is installed OR dovecot22-backend-sqlite-2.2.31-19.17 is installed

BACK