Red Hat Product Errata RHSA-2020:1333 - Security Advisory
Issued:
2020-04-06
Updated:
2020-04-06

RHSA-2020:1333 - Security Advisory

Synopsis

Important: ksh security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for ksh is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992).

Security Fix(es):

  • ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 7.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 7 aarch64
  • Red Hat Enterprise Linux for Power 9 7 ppc64le
  • Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6 x86_64
  • Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

  • BZ - 1757324 - CVE-2019-14868 ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6

SRPM
ksh-20120801-140.el7_6.src.rpm SHA-256: 30306457b35935aa13c82dde26a8e13354c8315169bbb405afff74c4fe656a02
x86_64
ksh-20120801-140.el7_6.x86_64.rpm SHA-256: c9c3b90e421b319a04568512b4faad2b8f8b0bd2971a2bd131e222feb07218e5
ksh-debuginfo-20120801-140.el7_6.x86_64.rpm SHA-256: dff32b139be79356dfd06b1514c4bae24d0ae97ccdd58f81c06b4fe831362435

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
ksh-20120801-140.el7_6.src.rpm SHA-256: 30306457b35935aa13c82dde26a8e13354c8315169bbb405afff74c4fe656a02
x86_64
ksh-20120801-140.el7_6.x86_64.rpm SHA-256: c9c3b90e421b319a04568512b4faad2b8f8b0bd2971a2bd131e222feb07218e5
ksh-debuginfo-20120801-140.el7_6.x86_64.rpm SHA-256: dff32b139be79356dfd06b1514c4bae24d0ae97ccdd58f81c06b4fe831362435

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6

SRPM
ksh-20120801-140.el7_6.src.rpm SHA-256: 30306457b35935aa13c82dde26a8e13354c8315169bbb405afff74c4fe656a02
s390x
ksh-20120801-140.el7_6.s390x.rpm SHA-256: 9156bbb1ae04d040bd4fdfde06504d6fc3daae263cfb3438e62f52d7c03c51b9
ksh-debuginfo-20120801-140.el7_6.s390x.rpm SHA-256: 8988d709039daafec2b9162e9b6f1e6873773ac11069c1eedabee8b2a1584949

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6

SRPM
ksh-20120801-140.el7_6.src.rpm SHA-256: 30306457b35935aa13c82dde26a8e13354c8315169bbb405afff74c4fe656a02
ppc64
ksh-20120801-140.el7_6.ppc64.rpm SHA-256: 521fdd000038b8a7627d53bfe396a8393ad03765f6b79b888a5485a80569e9c3
ksh-debuginfo-20120801-140.el7_6.ppc64.rpm SHA-256: 1e49a6615fb0d6481c3d8c8ba5ce8db0ae475505f7abe7862a62ab9e12f15131

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6

SRPM
ksh-20120801-140.el7_6.src.rpm SHA-256: 30306457b35935aa13c82dde26a8e13354c8315169bbb405afff74c4fe656a02
ppc64le
ksh-20120801-140.el7_6.ppc64le.rpm SHA-256: 70193549e46c636895a22b266036b6176658105da0ccf1271907b8defd29ef57
ksh-debuginfo-20120801-140.el7_6.ppc64le.rpm SHA-256: 0d43d56fd4a0c9fbed472cf1779e0e2b831b67fcaab3fb21ff2faad8a6ebea60

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
ksh-20120801-140.el7_6.src.rpm SHA-256: 30306457b35935aa13c82dde26a8e13354c8315169bbb405afff74c4fe656a02
x86_64
ksh-20120801-140.el7_6.x86_64.rpm SHA-256: c9c3b90e421b319a04568512b4faad2b8f8b0bd2971a2bd131e222feb07218e5
ksh-debuginfo-20120801-140.el7_6.x86_64.rpm SHA-256: dff32b139be79356dfd06b1514c4bae24d0ae97ccdd58f81c06b4fe831362435

Red Hat Enterprise Linux for ARM 64 7

SRPM
ksh-20120801-140.el7_6.src.rpm SHA-256: 30306457b35935aa13c82dde26a8e13354c8315169bbb405afff74c4fe656a02
aarch64
ksh-20120801-140.el7_6.aarch64.rpm SHA-256: 3ee09d00733059e258619aef9c97e3a740358f028320e3ec0a785b2b97fc2ae9
ksh-debuginfo-20120801-140.el7_6.aarch64.rpm SHA-256: fce2d95c5b56740978fcf1640644717e43f47d800058d4f44f8aa420c2b7cce4

Red Hat Enterprise Linux for Power 9 7

SRPM
ksh-20120801-140.el7_6.src.rpm SHA-256: 30306457b35935aa13c82dde26a8e13354c8315169bbb405afff74c4fe656a02
ppc64le
ksh-20120801-140.el7_6.ppc64le.rpm SHA-256: 70193549e46c636895a22b266036b6176658105da0ccf1271907b8defd29ef57
ksh-debuginfo-20120801-140.el7_6.ppc64le.rpm SHA-256: 0d43d56fd4a0c9fbed472cf1779e0e2b831b67fcaab3fb21ff2faad8a6ebea60

Red Hat Enterprise Linux EUS Compute Node 7.6

SRPM
ksh-20120801-140.el7_6.src.rpm SHA-256: 30306457b35935aa13c82dde26a8e13354c8315169bbb405afff74c4fe656a02
x86_64
ksh-20120801-140.el7_6.x86_64.rpm SHA-256: c9c3b90e421b319a04568512b4faad2b8f8b0bd2971a2bd131e222feb07218e5
ksh-debuginfo-20120801-140.el7_6.x86_64.rpm SHA-256: dff32b139be79356dfd06b1514c4bae24d0ae97ccdd58f81c06b4fe831362435

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6

SRPM
ksh-20120801-140.el7_6.src.rpm SHA-256: 30306457b35935aa13c82dde26a8e13354c8315169bbb405afff74c4fe656a02
ppc64le
ksh-20120801-140.el7_6.ppc64le.rpm SHA-256: 70193549e46c636895a22b266036b6176658105da0ccf1271907b8defd29ef57
ksh-debuginfo-20120801-140.el7_6.ppc64le.rpm SHA-256: 0d43d56fd4a0c9fbed472cf1779e0e2b831b67fcaab3fb21ff2faad8a6ebea60

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6

SRPM
ksh-20120801-140.el7_6.src.rpm SHA-256: 30306457b35935aa13c82dde26a8e13354c8315169bbb405afff74c4fe656a02
x86_64
ksh-20120801-140.el7_6.x86_64.rpm SHA-256: c9c3b90e421b319a04568512b4faad2b8f8b0bd2971a2bd131e222feb07218e5
ksh-debuginfo-20120801-140.el7_6.x86_64.rpm SHA-256: dff32b139be79356dfd06b1514c4bae24d0ae97ccdd58f81c06b4fe831362435

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
ksh-20120801-140.el7_6.src.rpm SHA-256: 30306457b35935aa13c82dde26a8e13354c8315169bbb405afff74c4fe656a02
s390x
ksh-20120801-140.el7_6.s390x.rpm SHA-256: 9156bbb1ae04d040bd4fdfde06504d6fc3daae263cfb3438e62f52d7c03c51b9
ksh-debuginfo-20120801-140.el7_6.s390x.rpm SHA-256: 8988d709039daafec2b9162e9b6f1e6873773ac11069c1eedabee8b2a1584949

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.