USN-5380-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-5380-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5380-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5380-1
Related
Published
2022-04-20T07:41:07.010129Z
Modified
2022-04-20T07:41:07.010129Z
Summary
bash vulnerability
Details

It was discovered that Bash did not properly drop privileges when the binary had the setuid bit enabled. An attacker could possibly use this issue to escalate privileges.

References

Affected packages

Ubuntu:Pro:14.04:LTS / bash

Package

Name
bash
Purl
pkg:deb/ubuntu/bash@4.3-7ubuntu1.8+esm2?arch=source&distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3-7ubuntu1.8+esm2

Affected versions

4.*

4.2-5ubuntu3
4.3-1ubuntu2
4.3-2ubuntu1
4.3-3ubuntu1
4.3-4ubuntu1
4.3-4ubuntu2
4.3-6ubuntu1
4.3-7ubuntu1
4.3-7ubuntu1.1
4.3-7ubuntu1.2
4.3-7ubuntu1.3
4.3-7ubuntu1.4
4.3-7ubuntu1.5
4.3-7ubuntu1.6
4.3-7ubuntu1.7
4.3-7ubuntu1.8+esm1

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "4.3-7ubuntu1.8+esm2",
            "binary_name": "bash"
        },
        {
            "binary_version": "4.3-7ubuntu1.8+esm2",
            "binary_name": "bash-builtins"
        },
        {
            "binary_version": "4.3-7ubuntu1.8+esm2",
            "binary_name": "bash-dbgsym"
        },
        {
            "binary_version": "4.3-7ubuntu1.8+esm2",
            "binary_name": "bash-doc"
        },
        {
            "binary_version": "4.3-7ubuntu1.8+esm2",
            "binary_name": "bash-static"
        },
        {
            "binary_version": "4.3-7ubuntu1.8+esm2",
            "binary_name": "bash-static-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / bash

Package

Name
bash
Purl
pkg:deb/ubuntu/bash@4.3-14ubuntu1.4+esm1?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3-14ubuntu1.4+esm1

Affected versions

4.*

4.3-14ubuntu1
4.3-14ubuntu1.1
4.3-14ubuntu1.2
4.3-14ubuntu1.3
4.3-14ubuntu1.4

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "4.3-14ubuntu1.4+esm1",
            "binary_name": "bash"
        },
        {
            "binary_version": "4.3-14ubuntu1.4+esm1",
            "binary_name": "bash-builtins"
        },
        {
            "binary_version": "4.3-14ubuntu1.4+esm1",
            "binary_name": "bash-dbgsym"
        },
        {
            "binary_version": "4.3-14ubuntu1.4+esm1",
            "binary_name": "bash-doc"
        },
        {
            "binary_version": "4.3-14ubuntu1.4+esm1",
            "binary_name": "bash-static"
        },
        {
            "binary_version": "4.3-14ubuntu1.4+esm1",
            "binary_name": "bash-static-dbgsym"
        }
    ]
}

Ubuntu:18.04:LTS / bash

Package

Name
bash
Purl
pkg:deb/ubuntu/bash@4.4.18-2ubuntu1.3?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.18-2ubuntu1.3

Affected versions

4.*

4.4-5ubuntu1
4.4.18-1ubuntu1
4.4.18-2ubuntu1
4.4.18-2ubuntu1.1
4.4.18-2ubuntu1.2

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "4.4.18-2ubuntu1.3",
            "binary_name": "bash"
        },
        {
            "binary_version": "4.4.18-2ubuntu1.3",
            "binary_name": "bash-builtins"
        },
        {
            "binary_version": "4.4.18-2ubuntu1.3",
            "binary_name": "bash-builtins-dbgsym"
        },
        {
            "binary_version": "4.4.18-2ubuntu1.3",
            "binary_name": "bash-dbgsym"
        },
        {
            "binary_version": "4.4.18-2ubuntu1.3",
            "binary_name": "bash-doc"
        },
        {
            "binary_version": "4.4.18-2ubuntu1.3",
            "binary_name": "bash-static"
        },
        {
            "binary_version": "4.4.18-2ubuntu1.3",
            "binary_name": "bash-static-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / bash

Package

Name
bash
Purl
pkg:deb/ubuntu/bash@5.0-6ubuntu1.2?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0-6ubuntu1.2

Affected versions

5.*

5.0-4ubuntu1
5.0-5ubuntu1
5.0-6ubuntu1
5.0-6ubuntu1.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "5.0-6ubuntu1.2",
            "binary_name": "bash"
        },
        {
            "binary_version": "5.0-6ubuntu1.2",
            "binary_name": "bash-builtins"
        },
        {
            "binary_version": "5.0-6ubuntu1.2",
            "binary_name": "bash-builtins-dbgsym"
        },
        {
            "binary_version": "5.0-6ubuntu1.2",
            "binary_name": "bash-dbgsym"
        },
        {
            "binary_version": "5.0-6ubuntu1.2",
            "binary_name": "bash-doc"
        },
        {
            "binary_version": "5.0-6ubuntu1.2",
            "binary_name": "bash-static"
        },
        {
            "binary_version": "5.0-6ubuntu1.2",
            "binary_name": "bash-static-dbgsym"
        }
    ]
}