An update for bash is now available for openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-2100 Final 1.0 1.0 2022-11-18 Initial 2022-11-18 2022-11-18 openEuler SA Tool V1.0 2022-11-18 bash security update An update for bash is now available for openEuler-22.03-LTS. Bash is the GNU Project's shell. Bash is the Bourne Again SHell. Bash is an sh-compatible shell that incorporates useful features from the Korn shell (ksh) and C shell (csh). It is intended to conform to the IEEE POSIX P1003.2/ISO 9945.2 Shell and Tools standard. It offers functional improvements over sh for both programming and interactive use. In addition, most sh scripts can be run by Bash without modification. Security Fix(es): A flaw was found in the bash package, where a heap-buffer overflow can occur in valid_parameter_transform. This issue may lead to memory problems.(CVE-2022-3715) An update for bash is now available for openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Low bash https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2100 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3715 https://nvd.nist.gov/vuln/detail/CVE-2022-3715 openEuler-22.03-LTS bash-debugsource-5.1.8-6.oe2203.aarch64.rpm bash-devel-5.1.8-6.oe2203.aarch64.rpm bash-debuginfo-5.1.8-6.oe2203.aarch64.rpm bash-5.1.8-6.oe2203.aarch64.rpm bash-help-5.1.8-6.oe2203.noarch.rpm bash-5.1.8-6.oe2203.src.rpm bash-debugsource-5.1.8-6.oe2203.x86_64.rpm bash-debuginfo-5.1.8-6.oe2203.x86_64.rpm bash-5.1.8-6.oe2203.x86_64.rpm bash-devel-5.1.8-6.oe2203.x86_64.rpm A heap-buffer-overflow in valid_parameter_transform function. 2022-11-18 CVE-2022-3715 openEuler-22.03-LTS Low 4.0 AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H bash security update 2022-11-18 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2100