Debian DLA-1726-1 : bash security update
High Nessus Plugin ID 123093
SynopsisThe remote Debian host is missing a security update.
DescriptionTwo issues have been fixed in bash, the GNU Bourne-Again Shell :
The popd builtin segfaulted when called with negative out of range offsets.
Sylvain Beucler discovered that it was possible to call commands that contained a slash when in restricted mode (rbash) by adding them to the BASH_CMDS array.
For Debian 8 'Jessie', these problems have been fixed in version 4.3-11+deb8u2.
We recommend that you upgrade your bash packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpgrade the affected packages.