Detections
Analytics

Fedora 22 : mksh-50f-1.fc22 (2015-6558)

high Nessus Plugin ID 83074

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

R50f is a required security and bugfix release :

 - Add a patch marker for vendor patch versioning to mksh.1

 - SECURITY: make unset HISTFILE actually work

 - Document some more issues with the current history code

 - Remove some unused code

 - RCSID-only sync with OpenBSD, for bogus and irrelevant changes

 - Also disable field splitting for alias 'local= ypeset'

 - Fix read -n-1 to not be identical to read -N-1

 - Several fixes and improvements to lksh(1) and mksh(1) manpages

 - More code (int ' size_t), comment and testsuite fixes

 - Make dot.mkshrc more robust (LP#1441853)

 - Fix issues with IFS=' read, found by edualbus

 - Fix integer overflows related to file descriptor parsing, found by Pawel Wylecial (LP#1440685); reduce memory usage for I/O redirs

 - Document in the manpage how to set +-U according to the current locale settings via LANG/LC_* parameters (cf. Debian #782225)

 - Some code cleanup and restructuring

 - Handle number parsing and storing more carefully

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected mksh package.

See Also

http://www.nessus.org/u?11c4abf0

Plugin Details

Severity: High

ID: 83074

File Name: fedora_2015-6558.nasl

Version: 2.4

Type: local

Agent: unix

Published: 4/27/2015

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:mksh, cpe:/o:fedoraproject:fedora:22

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 4/21/2015

Reference Information

FEDORA: 2015-6558