RHBA-2013:0306 - Bug Fix Advisory

Topic

Updated bash packages that fix three bugs and add one enhancement are now
available for Red Hat Enterprise Linux 6.

Description

The bash packages provide the Bash (Bourne-again shell) shell, which is the
default shell for Red Hat Enterprise Linux.

This update fixes the following bugs:

• Prior to this update, the trap handler could, under certain circumstances,

lose signals during another trap initialization. This update blocks the signal
while the trap string and handler are being modified. Now, the signals are no
longer lost. (BZ#695656)

• Prior to this update, the manual page for trap in Bash did not mention that

signals ignored upon entry cannot be listed later. This is now fixed and the
manual page entry text is amended to "Signals ignored upon entry to the shell
cannot be trapped, reset or listed". (BZ#799958)

• Prior to this update, the Bash shell called the trap handler within a signal

handler when a SIGCHLD signal was received in job control mode and a handler for
the signal was installed. This was a security risk and could cause Bash to enter
a deadlock or to terminate unexpectedly with a segmentation fault due to memory
corruption. With this update, the trap handler is now called outside of the
signal handler, and Bash no longer enters a deadlock. (BZ#800473)

This update also adds the following enhancement:

• This update enables the system-wide "/etc/bash.bash_logout" file. This allows

administrators to write system-wide logout actions for all users. (BZ#677439)

All users of bash are advised to upgrade to these updated packages, which fix
these bugs and add this enhancement.

Solution

Before applying this update, make sure all previously-released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x

Fixes

• BZ - 677439 - system global bash.bash_logout is disabled in config-top.h
• BZ - 695656 - possible race condition when using trap, signal is lost
• BZ - 799958 - trap -p not displaying ignored signal when run from child bash

CVEs

(none)

References

(none)