openSUSE Security Update: Important security fix for bash that allows the injection of commands. ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:1238-1 Rating: important References: #896776 Cross-References: CVE-2014-6271 Affected Products: openSUSE Evergreen 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes a bug in the bash shell that allows an attacker to execute arbitrary commands upon shell invocation if he can control the shell's environment. This is particularly dangerous if the shell is used as a cgi interpreter for a web server, or if the shell handles untrusted input inherited in the environment from other sources. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Evergreen 11.4: zypper in -t patch 2014-86 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Evergreen 11.4 (i586 x86_64): bash-4.1-20.31.1 bash-debuginfo-4.1-20.31.1 bash-debugsource-4.1-20.31.1 bash-devel-4.1-18.31.1 bash-loadables-4.1-18.31.1 bash-loadables-debuginfo-4.1-18.31.1 libreadline6-6.1-18.31.1 libreadline6-debuginfo-6.1-18.31.1 readline-devel-6.1-18.31.1 - openSUSE Evergreen 11.4 (x86_64): bash-debuginfo-32bit-4.1-20.31.1 libreadline6-32bit-6.1-18.31.1 libreadline6-debuginfo-32bit-6.1-18.31.1 readline-devel-32bit-6.1-18.31.1 - openSUSE Evergreen 11.4 (noarch): bash-doc-4.1-18.31.1 bash-lang-4.1-20.31.1 readline-doc-6.1-18.31.1 - openSUSE Evergreen 11.4 (ia64): bash-debuginfo-x86-4.1-20.31.1 bash-x86-4.1-20.31.1 libreadline6-debuginfo-x86-6.1-18.31.1 libreadline6-x86-6.1-18.31.1 References: http://support.novell.com/security/cve/CVE-2014-6271.html https://bugzilla.suse.com/show_bug.cgi?id=896776 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org