- Issued:
- 2014-10-13
- Updated:
- 2014-10-13
RHBA-2014:1503 - bash bug fix update
Synopsis
bash bug fix update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated bash packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
Description
The bash packages provide the Bash (Bourne-again shell) shell, which is the default shell for Red Hat Enterprise Linux.
This update fixes the following bugs:
-
Under certain circumstances, a file descriptor leak occurred in nested Bash functions. This bug has been fixed and file descriptors are no longer leaked in the described case. (BZ#948207)
-
Due to a bug in the tty driver, an ioctl call could return the "-EINTR" error code when the "read" command was interrupted by a signal, such as SIGCHLD. As a consequence, the subsequent "read" call caused the Bash shell to abort with a "double free or corruption (out)" error message. The applied patch corrects the tty driver to use the "-ERESTARTSYS" error code so the system call is restarted if needed. As a result, Bash no longer crashes in this scenario. (BZ#951171)
-
When the HISTFILESIZE variable was set to a value larger than zero, the HISTSIZE variable was set to zero as well. If the .bash_history file had time stamps enabled and was not empty, executing the "su - " command caused Bash to become unresponsive. This bug has been fixed, and Bash no longer hangs in the aforementioned scenario. (BZ#986095)
-
Previously, Bash did not process quote characters correctly when using here-strings with multi-line input in a function declaration. Consequently, the declaration was corrupted, which affected copying such functions, or transferring them to another shell. This bug has been fixed, and here-strings with multi-line input are now processed correctly. (BZ#1007926)
-
When processing larger associative arrays inside Bash scripts, a memory leak occurred. This bug has been fixed, and Bash no longer leaks memory when working with associative arrays. (BZ#1010164)
-
If a command substitution enclosed in double-quote characters contained a double-quoted string, Bash performed brace expansion on the command before performing command substitution. Consequently, the command created different output than expected. The bug has been fixed, and command substitution now precedes brace expansion in the described case. (BZ#1012015)
-
After editing a command in vi visual mode, Bash echoed every substituted command, which produced a lengthy shell output when editing loops. This behavior has been changed and Bash now only echoes the original string in the described scenario. (BZ#1102803)
Users of bash are advised to upgrade to these updated packages, which fix these bugs.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Scientific Computing | 6 | x86_64 |
| Red Hat Enterprise Linux for Power, big endian | 6 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Desktop | 6 | x86_64 |
| Red Hat Enterprise Linux Desktop | 6 | i386 |
Updated Packages
- bash-debuginfo-4.1.2-29.el6.s390x.rpm
- bash-4.1.2-29.el6.s390x.rpm
- bash-doc-4.1.2-29.el6.s390x.rpm
- bash-debuginfo-4.1.2-29.el6.x86_64.rpm
- bash-debuginfo-4.1.2-29.el6.i686.rpm
- bash-doc-4.1.2-29.el6.i686.rpm
- bash-debuginfo-4.1.2-29.el6.ppc64.rpm
- bash-4.1.2-29.el6.x86_64.rpm
- bash-doc-4.1.2-29.el6.ppc64.rpm
- bash-4.1.2-29.el6.src.rpm
- bash-doc-4.1.2-29.el6.x86_64.rpm
- bash-4.1.2-29.el6.ppc64.rpm
- bash-4.1.2-29.el6.i686.rpm
Fixes
- This content is not included.BZ - 986095
- This content is not included.BZ - 1007926
- This content is not included.BZ - 1012015
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.