Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

SUSE-SU-2024:2756-1 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceSUSE-SU-2024:2756-1

SUSE-SU-2024:2756-1

UNKNOWN

Security update for ksh

Published Aug 5, 2024

Modified 1 years ago

Fix available

Details

This update for ksh fixes the following issues:

CVE-2019-14868: Fixed code injection due to environment variables on startup interpreted as arithmetic expression (bsc#1160796)

Other fixes:

do not use posix_spawn as it lacks proper job handling (bsc#1224057)
fix segfault in variable substitution (bsc#1129288)

Affected Packages

ksh

SUSE Linux Enterprise Module for Legacy 12SUSE Linux Enterprise Software Development Kit 12 SP5

Fixed in:

93vu-19.3.2

ksh-devel

SUSE Linux Enterprise Software Development Kit 12 SP5

Fixed in:

93vu-19.3.2

References

https://bugzilla.suse.com/1129288

https://bugzilla.suse.com/1160796

https://bugzilla.suse.com/1224057

https://www.suse.com/security/cve/CVE-2019-14868

https://www.suse.com/support/update/announcement/2024/suse-su-20242756-1/

Upstream

Related

Ecosystems

SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Software Development Kit 12 SP5

Timeline

PublishedAug 5, 2024

ModifiedAug 5, 2024