ksh-93vu-10.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14252-1 Final 1 1 2024-08-09T00:00:00Z current 2024-08-09T00:00:00Z 2024-08-09T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ksh-93vu-10.1 on GA media These are all security issues fixed in the ksh-93vu-10.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14252 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2019-14868/ SUSE CVE CVE-2019-14868 page openSUSE Tumbleweed ksh-93vu-10.1 ksh-devel-93vu-10.1 ksh-93vu-10.1 as a component of openSUSE Tumbleweed ksh-devel-93vu-10.1 as a component of openSUSE Tumbleweed In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. CVE-2019-14868 openSUSE Tumbleweed:ksh-93vu-10.1 openSUSE Tumbleweed:ksh-devel-93vu-10.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14868.html CVE-2019-14868 https://bugzilla.suse.com/1160796 SUSE Bug 1160796