RHBA-2013:1351 - Bug Fix Advisory

Topic

Updated ksh packages that fix several bugs are now available for Red Hat
Enterprise Linux 5.

Description

KornShell (KSH) is a Unix shell developed by AT&T Bell Laboratories, which is
backward-compatible with the Bourne shell (Bash) and includes many features of
the C shell. The most recent version is KSH-93. KornShell complies with the
POSIX.2 standard (IEEE Std 1003.2-1992).

This update fixes the following bugs:

• Due to a bug in the ksh package, command substitutions containing the pipe

("|") character returned incorrect return codes. This bug has been fixed, and
the pipe character can now be used inside command substitutions without
complications. (BZ#892206)

• Previously, the ksh SIGTSTP signal handler could trigger another SIGTSTP

signal. Consequently, ksh would enter an infinite loop. This updated version
fixes the SIGTSTP signal processing and ksh now handles this signal without
problems. (BZ#910923)

• In certain cases, ksh did not execute command substitution inside of "here"

documents. Consequently, some content of a here document could be missing. With
this update, the command substitution for here documents has been fixed. As a
result, here documents include data from command substitutions as expected.
(BZ#912443)

• Previously, when using arrays inside of ksh functions, memory leaks occurred.

This bug has been fixed, and memory leaks no longer occur in the described
scenario. (BZ#921138)

• Previously, ksh did not resize the file descriptor list every time it was

necessary. Consequently, a memory corruption could occur when a large amount of
file descriptors were used. With this update, ksh has been modified to resize
the file descriptor list every time it is needed. As a result, memory corruption
no longer occurs in the described scenario. (BZ#958195)

• Previously, ksh did not prevent modifications of variables of the read-only

type. As a consequence, ksh terminated unexpectedly with a segmentation fault
when such a variable had been modified. With this update, modification of
read-only variables are not allowed, and ksh prints an error message in this
scenario. (BZ#972732)

Users of ksh are advised to upgrade to these updated packages, which fix these
bugs.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 892206 - Using a pipe in a command substitution triggers wrong return codes
• BZ - 984944 - cppcheck found new leak in ksh

CVEs

(none)

References

(none)