|Related CVE||CVE-2016-9401 CVE-2019-9924|
Two issues have been fixed in bash, the GNU Bourne-Again Shell:
The popd builtin segfaulted when called with negative out of range offsets.
Sylvain Beucler discovered that it was possible to call commands that contained a slash when in restricted mode (rbash) by adding them to the BASH_CMDS array.
For Debian 7 Wheezy, these problems have been fixed in version 4.2+dfsg-0.1+deb7u5.
We recommend that you upgrade your bash packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/