Fedora 21 Security Update: mksh-50c-1.fc21

Resolved Bugs
1149626 – mksh: do not permit += from environment
1149627 – mksh: do not permit += from environment [fedora-all]<br
R50c is a security fix release:
* Know more rare signals when generating sys_signame[] replacement
* OpenBSD sync (mostly RCSID only)
* Document HISTSIZE limit; found by luigi_345 on IRC
* Fix link to Debian .mkshrc
* Cease exporting $RANDOM (Debian #760857)
* Fix C99 compatibility
* Work around klibc bug causing a coredump (Debian #763842)
* Use issetugid(2) as additional check if we are FPRIVILEGED
* SECURITY: do not permit += from environment
* Fix more field splitting bugs reported by Stephane Chazelas and mikeserv; document current status wrt. ambiguous ones as testcases too

Leave a Reply