Shells running as root inherited PS4 from the environment, allowing PS4 expansion to perform command substitution. A local attacker could gain arbitrary code execution via bogus setuid binaries using system()/popen() by specially crafting SHELLOPTS+PS4 environment variables.
Public announcement: http://seclists.org/oss-sec/2016/q3/617
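
Application-side hardening for the condition described above, as an added example that is not part of the bug report or the upstream bash patch: a privileged program drops the two variables the report names before it hands a command to the shell. The helper names `scrub_shell_env` and `system_scrubbed` are hypothetical, and the values set in `main` are constructed, harmless samples.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>

/* The two environment variables this report names as the attack inputs. */
static const char *const SHELL_CONTROL_VARS[] = { "SHELLOPTS", "PS4" };

/* Remove the variables above from this process's environment.
 * Returns how many were present, or -1 if one could not be removed. */
int scrub_shell_env(void)
{
    size_t n = sizeof SHELL_CONTROL_VARS / sizeof SHELL_CONTROL_VARS[0];
    int removed = 0;

    for (size_t i = 0; i < n; i++) {
        if (getenv(SHELL_CONTROL_VARS[i]) == NULL)
            continue;
        if (unsetenv(SHELL_CONTROL_VARS[i]) != 0)
            return -1;          /* fail closed: caller must not spawn a shell */
        removed++;
    }
    return removed;
}

/* Hypothetical wrapper: call system() only after the scrub succeeded.
 * Returns the command's exit status, or -1 on any failure. */
int system_scrubbed(const char *cmd)
{
    if (scrub_shell_env() < 0)
        return -1;

    int status = system(cmd);
    if (status == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample values standing in for an untrusted caller's environment. */
    setenv("SHELLOPTS", "xtrace", 1);
    setenv("PS4", "constructed-prompt ", 1);

    /* The child shell lists any surviving copies; none should be printed. */
    int rc = system_scrubbed("env | grep -E '^(SHELLOPTS|PS4)=' || echo 'child env clean'");
    printf("exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Removing only these two variables covers the case in this report; a privileged program that must run a shell is better served by building a minimal known-good environment and passing it explicitly to the exec call.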
Created bash tracking bugs for this issue:
Affects: fedora-all [bug 1379634]
Upstream patch (for bash-4.3): http://lists.gnu.org/archive/html/bug-bash/2016-10/msg00009.html
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2017:0725 https://rhn.redhat.com/errata/RHSA-2017-0725.html
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:1931 https://access.redhat.com/errata/RHSA-2017:1931