A vulnerability was found in GNU bash. A maliciously crafted file could allow an arbitrary code execution through user trying to use the autocomplete feature. External References: https://github.com/jheyens/bash_completion_vuln/blob/master/2017-01-17.bash_completion_report.pdf References: http://seclists.org/oss-sec/2017/q1/334 Upstream patch: http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715
Statement: This issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux as they did not include the commit which introduced it.