Skip to main content
Early Access
— Mondoo Vulnerability Intelligence is currently in preview.
Vulnerability Intelligence
Login
Get Demo
SUSE-SU-2024:2756-1 | Mondoo Vulnerability Intelligence
Back to search
SUSE-SU-2024:2756-1
UNKNOWN
Security update for ksh
Published Aug 5, 2024
Modified 1 years ago
Fix available
Details
This update for ksh fixes the following issues:
CVE-2019-14868: Fixed code injection due to environment variables on startup interpreted as arithmetic expression (bsc#1160796)
Other fixes:
do not use posix_spawn as it lacks proper job handling (bsc#1224057)
fix segfault in variable substitution (bsc#1129288)
Affected Packages
SUSE:Linux Enterprise Module for Legacy 12
ksh
Fixed in:
93vu-19.3.2
SUSE:Linux Enterprise Software Development Kit 12 SP5
ksh
Fixed in:
93vu-19.3.2
SUSE:Linux Enterprise Software Development Kit 12 SP5
ksh-devel
Fixed in:
93vu-19.3.2
References
REPORT
https://bugzilla.suse.com/1129288
REPORT
https://bugzilla.suse.com/1160796
REPORT
https://bugzilla.suse.com/1224057
WEB
https://www.suse.com/security/cve/CVE-2019-14868
ADVISORY
https://www.suse.com/support/update/announcement/2024/suse-su-20242756-1/
Upstream
CVE-2019-14868
Related
CVE-2019-14868
Ecosystems
SUSE Linux Enterprise Module for Legacy 12
SUSE Linux Enterprise Software Development Kit 12 SP5
Timeline
Published
Aug 5, 2024
Modified
Aug 5, 2024