MGASA-2021-0288

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0288.html

Import Source

https://advisories.mageia.org/MGASA-2021-0288.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2021-0288

Related

CVE-2019-18276

Published

2021-06-28T21:16:35Z

Modified

2021-06-28T20:03:01Z

Summary

Updated bash packages fix a security vulnerability

Details

A privilege escalation vulnerability was found in bash in the way it dropped privileges when started with an effective user id not equal to the real user id. Bash may be vulnerable to this flaw if the setuid permission is set and the owner of the bash program itself is a non-root user. A local attacker could exploit this flaw to escalate their privileges on the system (CVE-2019-18276).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / bash

Package

Name: bash
Purl: pkg:rpm/mageia/bash?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4-23.1.2.mga7

Ecosystem specific

{
    "section": "core"
}