Red Hat Product Errata RHSA-2021:1679 - Security Advisory

Issued:: 2021-05-18
Updated:: 2021-05-18

RHSA-2021:1679 - Security Advisory

Overview
Updated Packages

Synopsis

Low: bash security and bug fix update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for bash is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.

Security Fix(es):

bash: when effective UID is not equal to its real UID the saved UID is not dropped (CVE-2019-18276)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
Red Hat Enterprise Linux Server - AUS 8.6 x86_64
Red Hat Enterprise Linux Server - AUS 8.4 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
Red Hat Enterprise Linux Server - TUS 8.6 x86_64
Red Hat Enterprise Linux Server - TUS 8.4 x86_64
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

BZ - 1778309 - CVE-2019-18276 bash: when effective UID is not equal to its real UID the saved UID is not dropped
BZ - 1890888 - Took long time to return when bash -c 'exit 2 & wait $!' run in the big size LimitNPROC values

CVEs

CVE-2019-18276

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
x86_64
bash-4.4.19-14.el8.x86_64.rpm	SHA-256: d6aefd16f938e736ef5f3009bf2c67ef3953a6d82ed9c2e8a405dbd4a2f28d0f
bash-debuginfo-4.4.19-14.el8.x86_64.rpm	SHA-256: 13d5450f9d3ff45d1ca8f50dd5d5c3b78f07f25c017e4b21abf6ccaa8b3e2766
bash-debugsource-4.4.19-14.el8.x86_64.rpm	SHA-256: 1384206ed4fa0664ddf8800aab1c366da8ed218be8a895c5d88b681d547d53c5
bash-doc-4.4.19-14.el8.x86_64.rpm	SHA-256: 8fd0e048478c57e20c00228b87efc4d038da188ad80a3cd7db4886c02685173c

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
x86_64
bash-4.4.19-14.el8.x86_64.rpm	SHA-256: d6aefd16f938e736ef5f3009bf2c67ef3953a6d82ed9c2e8a405dbd4a2f28d0f
bash-debuginfo-4.4.19-14.el8.x86_64.rpm	SHA-256: 13d5450f9d3ff45d1ca8f50dd5d5c3b78f07f25c017e4b21abf6ccaa8b3e2766
bash-debugsource-4.4.19-14.el8.x86_64.rpm	SHA-256: 1384206ed4fa0664ddf8800aab1c366da8ed218be8a895c5d88b681d547d53c5
bash-doc-4.4.19-14.el8.x86_64.rpm	SHA-256: 8fd0e048478c57e20c00228b87efc4d038da188ad80a3cd7db4886c02685173c

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
x86_64
bash-4.4.19-14.el8.x86_64.rpm	SHA-256: d6aefd16f938e736ef5f3009bf2c67ef3953a6d82ed9c2e8a405dbd4a2f28d0f
bash-debuginfo-4.4.19-14.el8.x86_64.rpm	SHA-256: 13d5450f9d3ff45d1ca8f50dd5d5c3b78f07f25c017e4b21abf6ccaa8b3e2766
bash-debugsource-4.4.19-14.el8.x86_64.rpm	SHA-256: 1384206ed4fa0664ddf8800aab1c366da8ed218be8a895c5d88b681d547d53c5
bash-doc-4.4.19-14.el8.x86_64.rpm	SHA-256: 8fd0e048478c57e20c00228b87efc4d038da188ad80a3cd7db4886c02685173c

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
x86_64
bash-4.4.19-14.el8.x86_64.rpm	SHA-256: d6aefd16f938e736ef5f3009bf2c67ef3953a6d82ed9c2e8a405dbd4a2f28d0f
bash-debuginfo-4.4.19-14.el8.x86_64.rpm	SHA-256: 13d5450f9d3ff45d1ca8f50dd5d5c3b78f07f25c017e4b21abf6ccaa8b3e2766
bash-debugsource-4.4.19-14.el8.x86_64.rpm	SHA-256: 1384206ed4fa0664ddf8800aab1c366da8ed218be8a895c5d88b681d547d53c5
bash-doc-4.4.19-14.el8.x86_64.rpm	SHA-256: 8fd0e048478c57e20c00228b87efc4d038da188ad80a3cd7db4886c02685173c

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
x86_64
bash-4.4.19-14.el8.x86_64.rpm	SHA-256: d6aefd16f938e736ef5f3009bf2c67ef3953a6d82ed9c2e8a405dbd4a2f28d0f
bash-debuginfo-4.4.19-14.el8.x86_64.rpm	SHA-256: 13d5450f9d3ff45d1ca8f50dd5d5c3b78f07f25c017e4b21abf6ccaa8b3e2766
bash-debugsource-4.4.19-14.el8.x86_64.rpm	SHA-256: 1384206ed4fa0664ddf8800aab1c366da8ed218be8a895c5d88b681d547d53c5
bash-doc-4.4.19-14.el8.x86_64.rpm	SHA-256: 8fd0e048478c57e20c00228b87efc4d038da188ad80a3cd7db4886c02685173c

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
s390x
bash-4.4.19-14.el8.s390x.rpm	SHA-256: 2587bae9ae58bae9737b12d1bfe3eaf14f19bba375538f1d92a97830eb2887f7
bash-debuginfo-4.4.19-14.el8.s390x.rpm	SHA-256: bc6dc62bc46a8b78aaee5b88b8ab7f9332bf785324e3d124a1efd0e226b9b5c2
bash-debugsource-4.4.19-14.el8.s390x.rpm	SHA-256: e26660782400b3fa7f06def03f2c378efd8930488de902287b80695c785237c6
bash-doc-4.4.19-14.el8.s390x.rpm	SHA-256: 6c169e0c55e997123f75c1cf43472d382d8f9638624156763a70f8de7ac2678e

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
s390x
bash-4.4.19-14.el8.s390x.rpm	SHA-256: 2587bae9ae58bae9737b12d1bfe3eaf14f19bba375538f1d92a97830eb2887f7
bash-debuginfo-4.4.19-14.el8.s390x.rpm	SHA-256: bc6dc62bc46a8b78aaee5b88b8ab7f9332bf785324e3d124a1efd0e226b9b5c2
bash-debugsource-4.4.19-14.el8.s390x.rpm	SHA-256: e26660782400b3fa7f06def03f2c378efd8930488de902287b80695c785237c6
bash-doc-4.4.19-14.el8.s390x.rpm	SHA-256: 6c169e0c55e997123f75c1cf43472d382d8f9638624156763a70f8de7ac2678e

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
s390x
bash-4.4.19-14.el8.s390x.rpm	SHA-256: 2587bae9ae58bae9737b12d1bfe3eaf14f19bba375538f1d92a97830eb2887f7
bash-debuginfo-4.4.19-14.el8.s390x.rpm	SHA-256: bc6dc62bc46a8b78aaee5b88b8ab7f9332bf785324e3d124a1efd0e226b9b5c2
bash-debugsource-4.4.19-14.el8.s390x.rpm	SHA-256: e26660782400b3fa7f06def03f2c378efd8930488de902287b80695c785237c6
bash-doc-4.4.19-14.el8.s390x.rpm	SHA-256: 6c169e0c55e997123f75c1cf43472d382d8f9638624156763a70f8de7ac2678e

Red Hat Enterprise Linux for Power, little endian 8

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
ppc64le
bash-4.4.19-14.el8.ppc64le.rpm	SHA-256: 732db5d458ed4cd7308e45658f5c59062eadf4a9e145b26df17dbbb1a1a61618
bash-debuginfo-4.4.19-14.el8.ppc64le.rpm	SHA-256: 09fc0fb42fd38814296a19425a77f7b7c060b2f0df0a509d37ee5c7c46547cd4
bash-debugsource-4.4.19-14.el8.ppc64le.rpm	SHA-256: 7d608b9c4de11898c64bd087874c20cb6bbe1e31a55068c4f51b0298b0ac7de5
bash-doc-4.4.19-14.el8.ppc64le.rpm	SHA-256: 42ed0e5f5d0344da1d23475ed5661bd6a07b4328df3ba3a3cb8902ae839be4c5

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
ppc64le
bash-4.4.19-14.el8.ppc64le.rpm	SHA-256: 732db5d458ed4cd7308e45658f5c59062eadf4a9e145b26df17dbbb1a1a61618
bash-debuginfo-4.4.19-14.el8.ppc64le.rpm	SHA-256: 09fc0fb42fd38814296a19425a77f7b7c060b2f0df0a509d37ee5c7c46547cd4
bash-debugsource-4.4.19-14.el8.ppc64le.rpm	SHA-256: 7d608b9c4de11898c64bd087874c20cb6bbe1e31a55068c4f51b0298b0ac7de5
bash-doc-4.4.19-14.el8.ppc64le.rpm	SHA-256: 42ed0e5f5d0344da1d23475ed5661bd6a07b4328df3ba3a3cb8902ae839be4c5

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
ppc64le
bash-4.4.19-14.el8.ppc64le.rpm	SHA-256: 732db5d458ed4cd7308e45658f5c59062eadf4a9e145b26df17dbbb1a1a61618
bash-debuginfo-4.4.19-14.el8.ppc64le.rpm	SHA-256: 09fc0fb42fd38814296a19425a77f7b7c060b2f0df0a509d37ee5c7c46547cd4
bash-debugsource-4.4.19-14.el8.ppc64le.rpm	SHA-256: 7d608b9c4de11898c64bd087874c20cb6bbe1e31a55068c4f51b0298b0ac7de5
bash-doc-4.4.19-14.el8.ppc64le.rpm	SHA-256: 42ed0e5f5d0344da1d23475ed5661bd6a07b4328df3ba3a3cb8902ae839be4c5

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
x86_64
bash-4.4.19-14.el8.x86_64.rpm	SHA-256: d6aefd16f938e736ef5f3009bf2c67ef3953a6d82ed9c2e8a405dbd4a2f28d0f
bash-debuginfo-4.4.19-14.el8.x86_64.rpm	SHA-256: 13d5450f9d3ff45d1ca8f50dd5d5c3b78f07f25c017e4b21abf6ccaa8b3e2766
bash-debugsource-4.4.19-14.el8.x86_64.rpm	SHA-256: 1384206ed4fa0664ddf8800aab1c366da8ed218be8a895c5d88b681d547d53c5
bash-doc-4.4.19-14.el8.x86_64.rpm	SHA-256: 8fd0e048478c57e20c00228b87efc4d038da188ad80a3cd7db4886c02685173c

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
x86_64
bash-4.4.19-14.el8.x86_64.rpm	SHA-256: d6aefd16f938e736ef5f3009bf2c67ef3953a6d82ed9c2e8a405dbd4a2f28d0f
bash-debuginfo-4.4.19-14.el8.x86_64.rpm	SHA-256: 13d5450f9d3ff45d1ca8f50dd5d5c3b78f07f25c017e4b21abf6ccaa8b3e2766
bash-debugsource-4.4.19-14.el8.x86_64.rpm	SHA-256: 1384206ed4fa0664ddf8800aab1c366da8ed218be8a895c5d88b681d547d53c5
bash-doc-4.4.19-14.el8.x86_64.rpm	SHA-256: 8fd0e048478c57e20c00228b87efc4d038da188ad80a3cd7db4886c02685173c

Red Hat Enterprise Linux for ARM 64 8

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
aarch64
bash-4.4.19-14.el8.aarch64.rpm	SHA-256: 8432cb44373e7cdbf1e98dadf0c87c84d6f71c69b6c0dc2ee7c1c63bcd9ae568
bash-debuginfo-4.4.19-14.el8.aarch64.rpm	SHA-256: 67931d1525d0e7f5dbc883ba0f5784d9278562106f625d4fd21234e5b5138e08
bash-debugsource-4.4.19-14.el8.aarch64.rpm	SHA-256: f123fb5694da5805741ad1698d3d442f9ed648a1591cf56458fb34cdc0d5799a
bash-doc-4.4.19-14.el8.aarch64.rpm	SHA-256: f6b6f1c238bc8e8f9e087bfb2fccf81b55f8c2f7b01bdb51a711d48f94672232

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
aarch64
bash-4.4.19-14.el8.aarch64.rpm	SHA-256: 8432cb44373e7cdbf1e98dadf0c87c84d6f71c69b6c0dc2ee7c1c63bcd9ae568
bash-debuginfo-4.4.19-14.el8.aarch64.rpm	SHA-256: 67931d1525d0e7f5dbc883ba0f5784d9278562106f625d4fd21234e5b5138e08
bash-debugsource-4.4.19-14.el8.aarch64.rpm	SHA-256: f123fb5694da5805741ad1698d3d442f9ed648a1591cf56458fb34cdc0d5799a
bash-doc-4.4.19-14.el8.aarch64.rpm	SHA-256: f6b6f1c238bc8e8f9e087bfb2fccf81b55f8c2f7b01bdb51a711d48f94672232

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
aarch64
bash-4.4.19-14.el8.aarch64.rpm	SHA-256: 8432cb44373e7cdbf1e98dadf0c87c84d6f71c69b6c0dc2ee7c1c63bcd9ae568
bash-debuginfo-4.4.19-14.el8.aarch64.rpm	SHA-256: 67931d1525d0e7f5dbc883ba0f5784d9278562106f625d4fd21234e5b5138e08
bash-debugsource-4.4.19-14.el8.aarch64.rpm	SHA-256: f123fb5694da5805741ad1698d3d442f9ed648a1591cf56458fb34cdc0d5799a
bash-doc-4.4.19-14.el8.aarch64.rpm	SHA-256: f6b6f1c238bc8e8f9e087bfb2fccf81b55f8c2f7b01bdb51a711d48f94672232

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
ppc64le
bash-4.4.19-14.el8.ppc64le.rpm	SHA-256: 732db5d458ed4cd7308e45658f5c59062eadf4a9e145b26df17dbbb1a1a61618
bash-debuginfo-4.4.19-14.el8.ppc64le.rpm	SHA-256: 09fc0fb42fd38814296a19425a77f7b7c060b2f0df0a509d37ee5c7c46547cd4
bash-debugsource-4.4.19-14.el8.ppc64le.rpm	SHA-256: 7d608b9c4de11898c64bd087874c20cb6bbe1e31a55068c4f51b0298b0ac7de5
bash-doc-4.4.19-14.el8.ppc64le.rpm	SHA-256: 42ed0e5f5d0344da1d23475ed5661bd6a07b4328df3ba3a3cb8902ae839be4c5

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
ppc64le
bash-4.4.19-14.el8.ppc64le.rpm	SHA-256: 732db5d458ed4cd7308e45658f5c59062eadf4a9e145b26df17dbbb1a1a61618
bash-debuginfo-4.4.19-14.el8.ppc64le.rpm	SHA-256: 09fc0fb42fd38814296a19425a77f7b7c060b2f0df0a509d37ee5c7c46547cd4
bash-debugsource-4.4.19-14.el8.ppc64le.rpm	SHA-256: 7d608b9c4de11898c64bd087874c20cb6bbe1e31a55068c4f51b0298b0ac7de5
bash-doc-4.4.19-14.el8.ppc64le.rpm	SHA-256: 42ed0e5f5d0344da1d23475ed5661bd6a07b4328df3ba3a3cb8902ae839be4c5

Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.6

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
x86_64
bash-4.4.19-14.el8.x86_64.rpm	SHA-256: d6aefd16f938e736ef5f3009bf2c67ef3953a6d82ed9c2e8a405dbd4a2f28d0f
bash-debuginfo-4.4.19-14.el8.x86_64.rpm	SHA-256: 13d5450f9d3ff45d1ca8f50dd5d5c3b78f07f25c017e4b21abf6ccaa8b3e2766
bash-debugsource-4.4.19-14.el8.x86_64.rpm	SHA-256: 1384206ed4fa0664ddf8800aab1c366da8ed218be8a895c5d88b681d547d53c5
bash-doc-4.4.19-14.el8.x86_64.rpm	SHA-256: 8fd0e048478c57e20c00228b87efc4d038da188ad80a3cd7db4886c02685173c

Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.4

SRPM
bash-4.4.19-14.el8.src.rpm	SHA-256: 61062b46da34dace0f9e0b9167ef5cea1f4c2bf9c8d46f2c9efade3af6692c5d
x86_64
bash-4.4.19-14.el8.x86_64.rpm	SHA-256: d6aefd16f938e736ef5f3009bf2c67ef3953a6d82ed9c2e8a405dbd4a2f28d0f
bash-debuginfo-4.4.19-14.el8.x86_64.rpm	SHA-256: 13d5450f9d3ff45d1ca8f50dd5d5c3b78f07f25c017e4b21abf6ccaa8b3e2766
bash-debugsource-4.4.19-14.el8.x86_64.rpm	SHA-256: 1384206ed4fa0664ddf8800aab1c366da8ed218be8a895c5d88b681d547d53c5
bash-doc-4.4.19-14.el8.x86_64.rpm	SHA-256: 8fd0e048478c57e20c00228b87efc4d038da188ad80a3cd7db4886c02685173c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation