RHBA-2013:1599 - Bug Fix Advisory

Topic

Updated ksh packages that fix several bugs and add various enhancements are now
available for Red Hat Enterprise Linux 6.

Description

KornShell (KSH) is a Unix shell developed by AT&T Bell Laboratories, which is
backward-compatible with the Bourne shell (Bash) and includes many features of
the C shell. The most recent version is KSH-93. KornShell complies with the
POSIX.2 standard (IEEE Std 1003.2-1992).

The ksh package has been upgraded to upstream version 20120801, which provides a
number of bug fixes and enhancements over the previous version. (BZ#840568)

This update also fixes the following bugs:

• Previously, the ksh shell did not set any editing mode as default, which

caused various usability problems in interactive mode and with shell
auto-completion. This update sets emacs editing mode as default for new users.
As a result, the usability is significantly improved and the shell
auto-completion works as expected. (BZ#761551)

• Previously, the ksh internal counter of jobs was too small. Consequently, when

a script used a number of subshells in a loop, a counter overflow could occur
causing the ksh shell to terminate unexpectedly with a segmentation fault. This
update modifies ksh to use bigger types for counter variables. As a result, ksh
no longer crashes in the described scenario. (BZ#858263)

• Previously, the ksh shell did not compute an offset for fixed size variables

correctly. As a consequence, when assigning a right-justified variable with a
fixed width to a smaller variable, the new variable could have an incorrect
content. This update applies a patch to fix this bug and the assignment now
proceeds as expected. (BZ#903750)

• Previously, the output of command substitutions was not always redirected

properly. Consequently, the output in a here-document could be lost. This update
fixes the redirection code for command substitutions and the here-document now
contains the output as expected. (BZ#913110)

• Using arrays inside of ksh functions, command aliases, or automatically loaded

functions caused memory leaks to occur. The underlying source code has been
modified to fix this bug and the memory leaks no longer occur in the described
scenario. (BZ#921455, BZ#982142)

• Previously, the ksh SIGTSTP signal handler could trigger another SIGTSTP

signal. Consequently, ksh could enter an infinite loop. This updated version
fixes the SIGTSTP signal processing and ksh now handles the signal without any
problems. (BZ#922851)

• Previously, the ksh shell did not resize the file descriptor list every time

it was necessary. This could lead to memory corruption when several file
descriptors were used. As a consequence, ksh terminated unexpectedly. This
updated version resizes the file descriptor list every time it is needed, and
ksh no longer crashes in the described scenario. (BZ#924440)

• Previously, the ksh shell ignored the "-m" argument specified by the command

line. As a consequence, ksh did not enable monitor mode and the user had to
enable it in a script. With this update, ksh no longer ignores the argument so
that the user is able to enable monitor mode from the command line as expected.
(BZ#960034)

• The ksh shell did not handle I/O redirections from command substitutions

inside a pipeline correctly. Consequently, the output of certain commands could
be lost. With this update, the redirections have been fixed and data is no
longer missing from the command outputs. (BZ#994251)

Users of ksh are advised to upgrade to these updated packages, which fix these
bugs and add these enhancements.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x

Fixes

• BZ - 761551 - set default editing mode to emacs
• BZ - 922851 - exec a script causes a fork bomb when receiving SIGTSTP

CVEs

(none)

References

(none)