RHBA-2015:0654 - Bug Fix Advisory

Topic

Updated ksh packages that fix one bug are now available for Red Hat Enterprise
Linux 6.5 Extended Update Support.

Description

KornShell (KSH) is a Unix shell developed by AT&T Bell Laboratories, which is
backward-compatible with the Bourne shell (Bash) and includes many features of
the C shell. The most recent version is KSH-93. KornShell complies with the
POSIX.2 standard (IEEE Std 1003.2-1992).

This update fixes the following bug:

• Previously, the ksh shell did not filter environment variables it inherited.

As a result, the ksh environment contained variables that ksh was not able to
use or unset. This updated version filters variables during
initialization, and thus no longer inherits variables that are invalid for ksh.
As a result, ksh functions can now use all variables present in the environment.
(BZ#1195647)

Users of ksh are advised to upgrade to these updated packages, which fix this
bug.

Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.5 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.5 i386
• Red Hat Enterprise Linux Server - AUS 6.5 x86_64
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.5 s390x
• Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.5 ppc64
• Red Hat Enterprise Linux Server - TUS 6.5 x86_64
• Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.5 x86_64
• Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.5 i386
• Red Hat Enterprise Linux EUS Compute Node 6.5 x86_64

Fixes

• BZ - 1195647 - Bash fix for CVE-2014-7169 breaks ksh scripts that try to clear the environment

CVEs

(none)

References

(none)