В Fri, 27 Mar 2015 17:03:10 -0700
Lew Wolfgang
Hi Folks,
I'm having to maintain a 13.2 box with a requirement to run Nessus scans on it. Nessus is complaining about bash related CVE-2014-6271 and related issues. The fix is mentioned here:
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html
but "zypper in -t patch openSUSE-2014-567" says "patch non-existent or not needed".
Nessus identifies the installed bash as bash-4.2-75.3.1, but says it should be bash-4.2-75.4.1.
This doesn't work either:
zypper patch --cve=CVE-2014-6217
Is there something wrong with the repositories, or is Nessus barking up the wrong tree?
This is on a fresh 13.2 x86-64 system.
There is no patch for 13.2 because it had been fixed before 13.2 was even released: * Thu Sep 18 2014 werner@suse.de - Add bash-4.2-CVE-2014-6271.patch to fix CVE-2014-6271, the unexpected code execution with environment variables (bnc#896776) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org