openSUSE-SU-2014:1308-1: moderate: update for bash

20 Oct 2014

      openSUSE Security Update: update for bash
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:1308-1
Rating:             moderate
References:         #896776 #898346 
Cross-References:   CVE-2014-6271 CVE-2014-7169 CVE-2014-7187

Affected Products:
                    openSUSE 12.3
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   - Replace patches bash-4.2-heredoc-eof-delim.patch and
     bash-4.2-parse-exportfunc.patch with the official upstream patch levels
     bash42-052 and bash42-053

   - Replace patch bash-4.2-CVE-2014-7187.patch with upstream patch level
     bash42-051

   - Make bash-4.2-extra-import-func.patch an optional patch due instruction

   - Remove and replace patches bash-4.2-CVE-2014-6271.patch
     bash-4.2-BSC898604.patch bash-4.2-CVE-2014-7169.patch with bash upstream
     patch 48, patch 49, and patch 50
   - Add patch bash-4.2-extra-import-func.patch which is based on the BSD
     patch of Christos.  As further enhancements the option import-functions
     is mentioned in the manual page and a shopt switch is added to enable
     and disable import-functions on the fly

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.3:

      zypper in -t patch openSUSE-2014-594

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 12.3 (i586 x86_64):

      bash-4.2-61.19.1
      bash-debuginfo-4.2-61.19.1
      bash-debugsource-4.2-61.19.1
      bash-devel-4.2-61.19.1
      bash-loadables-4.2-61.19.1
      bash-loadables-debuginfo-4.2-61.19.1
      libreadline6-6.2-61.19.1
      libreadline6-debuginfo-6.2-61.19.1
      readline-devel-6.2-61.19.1

   - openSUSE 12.3 (x86_64):

      bash-debuginfo-32bit-4.2-61.19.1
      libreadline6-32bit-6.2-61.19.1
      libreadline6-debuginfo-32bit-6.2-61.19.1
      readline-devel-32bit-6.2-61.19.1

   - openSUSE 12.3 (noarch):

      bash-doc-4.2-61.19.1
      bash-lang-4.2-61.19.1
      readline-doc-6.2-61.19.1

References:

   http://support.novell.com/security/cve/CVE-2014-6271.html
   http://support.novell.com/security/cve/CVE-2014-7169.html
   http://support.novell.com/security/cve/CVE-2014-7187.html
   https://bugzilla.suse.com/show_bug.cgi?id=896776
   https://bugzilla.suse.com/show_bug.cgi?id=898346

openSUSE-SU-2014:1308-1: moderate: update for bash

opensuse-security＠opensuse.org