RHBA-2011:0385 - Bug Fix Advisory

Topic

An updated ksh package that fixes various bugs is now available for Red Hat
Enterprise Linux 5.

Description

KSH-93 is the most recent version of the KornShell by David Korn of AT&T Bell
Laboratories. KornShell is a shell programming language which is also compatible
with sh, the original Bourne Shell.

This update fixes the following bugs:

• The KornShell's "IFS" variable contains a list of field separators and is used

to separate the results of command substitution, parameter expansion, or
separate fields with the "read" built-in command. Previously, ksh did not
protect this variable from being freed. Consequent to this, when a user
attempted to unset the "IFS" variable from within a function, ksh terminated
unexpectedly with a segmentation fault. With this update, an upstream patch has
been applied to address this issue, and using the "unset IFS" command inside a
function body no longer causes ksh to crash. (BZ#684829)

• When a ksh script created a file and immediately opened it after the creation,

the operation failed. This happened because the created file, in some cases, did
not exist yet. With this update, this race condition has been fixed and once a
file is created, it is immediately available for any following commands.
(BZ#684831)

• Prior to this update, ksh did not close a file containing an auto-loaded

function definition. After loading several functions, ksh could have easily
exceeded the system's limit on the number of open files. With this update, files
containing auto-loaded functions are properly closed, thus, the number of opened
files no longer increases with usage. (BZ#684832)

All users of ksh are advised to upgrade to this updated package, which resolves
these issues.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.6 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.6 ia64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.6 i386
• Red Hat Enterprise Linux Server - AUS 5.6 x86_64
• Red Hat Enterprise Linux Server - AUS 5.6 ia64
• Red Hat Enterprise Linux Server - AUS 5.6 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.6 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.6 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386
• Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.6 x86_64
• Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.6 i386

Fixes

• BZ - 684829 - ksh crashes when IFS is unset inside a function
• BZ - 684831 - In ksh scripts, files may be created but then fail to be immediately opened.
• BZ - 684832 - ksh doesn't close the file including the function definition

CVEs

(none)

References

(none)