Description
* An arbitrary command injection flaw was found in the way bash processed the
hostname value. A malicious DHCP server could use this flaw to execute arbitrary
commands on the DHCP client machines running bash under specific circumstances.
(CVE-2016-0634)
* An arbitrary command injection flaw was found in the way bash processed the
SHELLOPTS and PS4 environment variables. A local, authenticated attacker could
use this flaw to exploit poorly written setuid programs to elevate their
privileges under certain circumstances. (CVE-2016-7543)
* A denial of service flaw was found in the way bash handled popd commands. A
poorly written shell script could cause bash to crash resulting in a local
denial of service limited to a specific bash session. (CVE-2016-9401)