Mailinglist Archive: opensuse-updates (40 mails)

< Previous Next >
openSUSE-SU-2014:1310-1: moderate: update for bash
openSUSE Security Update: update for bash
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:1310-1
Rating: moderate
References: #898812 #898884
Cross-References: CVE-2014-6271 CVE-2014-6277 CVE-2014-6278
CVE-2014-7169 CVE-2014-7187
Affected Products:
openSUSE 13.1
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

- Replace patches bash-4.2-heredoc-eof-delim.patch and
bash-4.2-parse-exportfunc.patch with the official upstream patch levels
bash42-052 and bash42-053

- Replace patch bash-4.2-CVE-2014-7187.patch with upstream patch level
bash42-051

- Add patches bash-4.2-heredoc-eof-delim.patch for bsc#898812,
CVE-2014-6277: more troubles with functions
bash-4.2-parse-exportfunc.patch for bsc#898884, CVE-2014-6278: code
execution after original 6271 fix

- Make bash-4.2-extra-import-func.patch an optional patch due instruction

- Remove and replace patches bash-4.2-CVE-2014-6271.patch
bash-4.2-BSC898604.patch bash-4.2-CVE-2014-7169.patch with bash upstream
patch 48, patch 49, and patch 50
- Add patch bash-4.2-extra-import-func.patch which is based on the BSD
patch of Christos. As further enhancements the option import-functions
is mentioned in the manual page and a shopt switch is added to enable
and disable import-functions on the fly


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-595

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i586 x86_64):

bash-4.2-68.12.1
bash-debuginfo-4.2-68.12.1
bash-debugsource-4.2-68.12.1
bash-devel-4.2-68.12.1
bash-loadables-4.2-68.12.1
bash-loadables-debuginfo-4.2-68.12.1
libreadline6-6.2-68.12.1
libreadline6-debuginfo-6.2-68.12.1
readline-devel-6.2-68.12.1

- openSUSE 13.1 (x86_64):

bash-debuginfo-32bit-4.2-68.12.1
libreadline6-32bit-6.2-68.12.1
libreadline6-debuginfo-32bit-6.2-68.12.1
readline-devel-32bit-6.2-68.12.1

- openSUSE 13.1 (noarch):

bash-doc-4.2-68.12.1
bash-lang-4.2-68.12.1
readline-doc-6.2-68.12.1


References:

http://support.novell.com/security/cve/CVE-2014-6271.html
http://support.novell.com/security/cve/CVE-2014-6277.html
http://support.novell.com/security/cve/CVE-2014-6278.html
http://support.novell.com/security/cve/CVE-2014-7169.html
http://support.novell.com/security/cve/CVE-2014-7187.html
https://bugzilla.suse.com/show_bug.cgi?id=898812
https://bugzilla.suse.com/show_bug.cgi?id=898884


< Previous Next >
This Thread
  • No further messages