Mandriva Linux Security Advisory : bash (MDVSA-2010:004)
Medium Nessus Plugin ID 43880
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability have been discovered in Mandriva bash package, which could allow a malicious user to hide files from the ls command, or garble its output by crafting files or directories which contain special characters or escape sequences (CVE-2010-0002). This update fixes the issue by disabling the display of control characters by default.
Additionally, this update fixes the unsafe file creation in bash-doc sample scripts (CVE-2008-5374).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
SolutionUpdate the affected bash and / or bash-doc packages.