Mailinglist Archive: opensuse-security (24 mails)

< Previous Next >
Re: [opensuse-security] Re: [security-announce] SUSE-SU-2014:1247-1: important: Security update for bash
On 08.10.2014 12:49, Joe Schönberg wrote:
Hello Chris,

Am Mittwoch, 8. Oktober 2014 12:23:22 schrieb Chris Ellis:


Rather than asking the openSUSE community, would it not be better to ask
SUSE,
if you've got a support agreement with them, then raise a ticket.

Maybe you're right, but the SLES alerts and patch instruction regarding bash
for my system could be found in this list but didn't work so I think it's a
good place to ask.

zypper update bash

results in

"No update candidate for 'bash-3.2-147.14.18.1.x86_64'. The highest available
version is already installed."


Please try:
-----------------------------------------------------------------
root@test # rpm -q --changelog bash| head -n 14
* Fr Sep 26 2014 werner@xxxxxxx
- Add patches
bash-3.2-BSC898604.patch for bsc#898604: functions via environment
hardening
bash-3.2-CVE-2014-7169.patch for bsc#898346, CVE-2014-7169:
incremental parsing fix for function environment issue
bash-3.2-CVE-2014-7187.patch for bsc#898603, CVE-2014-7186,
CVE-2014-7187: bad handling of HERE documents and for loop issue

* Do Sep 18 2014 werner@xxxxxxx
- Add bash-4.2-CVE-2014-6271.patch
to fix CVE-2014-6271, the unexpected code execution with
environment variables (bnc#896776)
--------------------------------------------------------------



If it is not the case, please contact the SUSE support.

Bye,
Thomas


Joe



--
Thomas Biege <thomas@xxxxxxx>, Team Leader MaintenanceSecurity, CSSLP
SUSE LINUX Products GmbH
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer
HRB 21284 (AG Nürnberg)
--
Wer aufhoert besser werden zu wollen, hoert auf gut zu sein.
-- Marie von Ebner-Eschenbach

< Previous Next >
Follow Ups