CVE-2016-7543

Published: 19 January 2017

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

Priority

Medium

CVSS 3 base score: 8.4

Status

Package Release Status
bash
Launchpad, Ubuntu, Debian
Upstream
Released (4.4)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (4.3-14ubuntu1.2)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (4.3-7ubuntu1.7)
Patches:
Upstream: https://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-048