Unfixed Code Execution Vulnerability CVE-2016-7543?
I think I must be missing something:
CVE-2016-7543 is a high-impact code execution vulnerability for bash.
https:/
The patch has been released for a few months, and is available as an upstream package in debian: https:/
But I can't find any tracking of whether Canonical maintainers will or intend to release an updated package for the supported operating systems. I thought maybe it was fixed in a later release or is otherwise deemed to be not-applicable. But as far as I can tell, the issue is still open.
An open high danger (CVSS 3 Score: 8.4) CVE shows up on all our security scans. Is there any sanctioned way to address this? Is an updated package planned?
Question information
- Language:
- English Edit question
- Status:
- Answered
- For:
- Ubuntu bash Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Can you help with this problem?
Provide an answer of your own, or ask Luminousbit for more information if necessary.