Mailinglist Archive: opensuse-security-announce (50 mails)

< Previous Next >
[security-announce] openSUSE-SU-2014:1238-1: important: Important security fix for bash that allows the injection of commands.
openSUSE Security Update: Important security fix for bash that allows the
injection of commands.
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:1238-1
Rating: important
References: #896776
Cross-References: CVE-2014-6271
Affected Products:
openSUSE Evergreen 11.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update fixes a bug in the bash shell that allows an attacker to
execute arbitrary commands upon shell invocation if he can control the
shell's environment. This is particularly dangerous if the shell is used
as a cgi interpreter for a web server, or if the shell handles untrusted
input inherited in the environment from other sources.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Evergreen 11.4:

zypper in -t patch 2014-86

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Evergreen 11.4 (i586 x86_64):

bash-4.1-20.31.1
bash-debuginfo-4.1-20.31.1
bash-debugsource-4.1-20.31.1
bash-devel-4.1-18.31.1
bash-loadables-4.1-18.31.1
bash-loadables-debuginfo-4.1-18.31.1
libreadline6-6.1-18.31.1
libreadline6-debuginfo-6.1-18.31.1
readline-devel-6.1-18.31.1

- openSUSE Evergreen 11.4 (x86_64):

bash-debuginfo-32bit-4.1-20.31.1
libreadline6-32bit-6.1-18.31.1
libreadline6-debuginfo-32bit-6.1-18.31.1
readline-devel-32bit-6.1-18.31.1

- openSUSE Evergreen 11.4 (noarch):

bash-doc-4.1-18.31.1
bash-lang-4.1-20.31.1
readline-doc-6.1-18.31.1

- openSUSE Evergreen 11.4 (ia64):

bash-debuginfo-x86-4.1-20.31.1
bash-x86-4.1-20.31.1
libreadline6-debuginfo-x86-6.1-18.31.1
libreadline6-x86-6.1-18.31.1


References:

http://support.novell.com/security/cve/CVE-2014-6271.html
https://bugzilla.suse.com/show_bug.cgi?id=896776

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages