RHBA-2014:1503 - Bug Fix Advisory

Topic

Updated bash packages that fix several bugs are now available for Red Hat
Enterprise Linux 6.

Description

The bash packages provide the Bash (Bourne-again shell) shell, which is the
default shell for Red Hat Enterprise Linux.

This update fixes the following bugs:

• Under certain circumstances, a file descriptor leak occurred in nested Bash

functions. This bug has been fixed and file descriptors are no longer leaked in
the described case. (BZ#948207)

• Due to a bug in the tty driver, an ioctl call could return the "-EINTR" error

code when the "read" command was interrupted by a signal, such as SIGCHLD. As a
consequence, the subsequent "read" call caused the Bash shell to abort with a
"double free or corruption (out)" error message. The applied patch corrects the
tty driver to use the "-ERESTARTSYS" error code so the system call is restarted
if needed. As a result, Bash no longer crashes in this scenario. (BZ#951171)

• When the HISTFILESIZE variable was set to a value larger than zero, the

HISTSIZE variable was set to zero as well. If the .bash_history file had time
stamps enabled and was not empty, executing the "su - " command caused Bash to
become unresponsive. This bug has been fixed, and Bash no longer hangs in the
aforementioned scenario. (BZ#986095)

• Previously, Bash did not process quote characters correctly when using

here-strings with multi-line input in a function declaration. Consequently, the
declaration was corrupted, which affected copying such functions, or
transferring them to another shell. This bug has been fixed, and here-strings
with multi-line input are now processed correctly. (BZ#1007926)

• When processing larger associative arrays inside Bash scripts, a memory leak

occurred. This bug has been fixed, and Bash no longer leaks memory when working
with associative arrays. (BZ#1010164)

• If a command substitution enclosed in double-quote characters contained a

double-quoted string, Bash performed brace expansion on the command before
performing command substitution. Consequently, the command created different
output than expected. The bug has been fixed, and command substitution now
precedes brace expansion in the described case. (BZ#1012015)

• After editing a command in vi visual mode, Bash echoed every substituted

command, which produced a lengthy shell output when editing loops. This behavior
has been changed and Bash now only echoes the original string in the described
scenario. (BZ#1102803)

Users of bash are advised to upgrade to these updated packages, which fix these
bugs.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

• BZ - 986095 - bash bug, invalid array index of the_history
• BZ - 1007926 - Bash outputs functions with multi-line here-strings incorrectly
• BZ - 1012015 - Bash performs brace expansion on commands with double-quoted strings within a double-quoted command-substitution

CVEs

(none)

References

(none)