SCIENTIFIC-LINUX-ERRATA Archives

September 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky <[log in to unmask]>
Date: Wed, 24 Sep 2014 16:12:56 +0000

Synopsis:          Critical: bash security update
Advisory ID:       SLSA-2014:1293-1
Issue Date:        2014-09-24
CVE Numbers:       CVE-2014-6271
--

A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override or
bypass environment restrictions to execute shell commands. Certain
services and applications allow remote unauthenticated attackers to
provide environment variables, allowing them to exploit this issue.
(CVE-2014-6271)

For additional information on the CVE-2014-6271 flaw, refer to https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
--

SL5
  x86_64
    bash-3.2-33.el5.1.x86_64.rpm
    bash-debuginfo-3.2-33.el5.1.x86_64.rpm
  i386
    bash-3.2-33.el5.1.i386.rpm
    bash-debuginfo-3.2-33.el5.1.i386.rpm
SL6
  x86_64
    bash-4.1.2-15.el6_5.1.x86_64.rpm
    bash-debuginfo-4.1.2-15.el6_5.1.x86_64.rpm
    bash-doc-4.1.2-15.el6_5.1.x86_64.rpm
  i386
    bash-4.1.2-15.el6_5.1.i686.rpm
    bash-debuginfo-4.1.2-15.el6_5.1.i686.rpm
    bash-doc-4.1.2-15.el6_5.1.i686.rpm

- Scientific Linux Development Team
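
A host can be checked against the fixed builds listed in this advisory by comparing its installed bash version and release with them. The following is an added example, not part of the original advisory or of Scientific Linux tooling: it assumes input in the form printed by `rpm -q --qf '%{VERSION}-%{RELEASE}\n' bash`, uses a simplified RPM-style version comparison (no `~` or `^` handling), and the names `rpmvercmp`, `check_bash` and the sample strings are constructed for illustration.

```python
import re

# Fixed builds per dist tag, copied from the advisory's package list.
FIXED = {"el5": ("3.2", "33.el5.1"), "el6": ("4.1.2", "15.el6_5.1")}

def rpmvercmp(a, b):
    """Segment-wise compare in the style of RPM's rpmvercmp: -1, 0 or 1."""
    while True:
        # Separators (anything non-alphanumeric) only delimit segments.
        a = re.sub(r"^[^A-Za-z0-9]+", "", a)
        b = re.sub(r"^[^A-Za-z0-9]+", "", b)
        if not a or not b:
            break
        numeric = a[0].isdigit()
        pat = r"[0-9]+" if numeric else r"[A-Za-z]+"
        ma, mb = re.match(pat, a), re.match(pat, b)
        if mb is None:
            # Segment types differ: a numeric segment is newer than an alpha one.
            return 1 if numeric else -1
        sa, sb = ma.group(), mb.group()
        a, b = a[len(sa):], b[len(sb):]
        if numeric:
            sa, sb = int(sa), int(sb)  # ignores leading zeros
        if sa != sb:
            return 1 if sa > sb else -1
    # All shared segments equal: the string with segments left over is newer.
    return (a != "") - (b != "")

def check_bash(vr):
    """Classify a 'VERSION-RELEASE' string against this advisory's builds."""
    version, _, release = vr.strip().partition("-")
    m = re.search(r"\.(el[56])(?=[._]|$)", release)
    if not m:
        return "not-covered"  # not an SL5/SL6 build; advisory lists none
    fixed_ver, fixed_rel = FIXED[m.group(1)]
    cmp = rpmvercmp(version, fixed_ver) or rpmvercmp(release, fixed_rel)
    return "needs-update" if cmp < 0 else "at-or-after-fix"

if __name__ == "__main__":
    # Constructed sample inputs, one per host.
    for vr in ["3.2-33.el5", "3.2-33.el5.1", "4.1.2-15.el6_4",
               "4.1.2-15.el6_5.1", "4.2.46-31.el7"]:
        print(f"{vr:22} {check_bash(vr)}")
```

A result of `at-or-after-fix` only says the installed build is not older than the one this advisory ships; processes started before the update keep running the old binary until they are restarted.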
