[security-announce] SUSE-SU-2014:1223-1: critical: Security update for bash

[news 28]

SUSE Security Update: Security update for bash

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2014:1223-1

Rating: critical

References: #896776

Cross-References: CVE-2014-6271

Affected Products:

SUSE Manager 1.7 for SLE 11 SP2

______________________________________________________________________________

 

An update that fixes one vulnerability is now available.

 

Description:

 

 

bash has been updated to fix a critical security issue.

 

In some circumstances, the shell would evaluate shellcode in environment

variables passed at startup time. This allowed code execution by local or

remote attackers who could pass environment variables to bash scripts.

(CVE-2014-6271)

 

Security Issues:

 

* CVE-2014-6271

 

 

 

Patch Instructions:

 

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- SUSE Manager 1.7 for SLE 11 SP2:

 

zypper in -t patch sleman17sp2-bash-9764

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- SUSE Manager 1.7 for SLE 11 SP2 (x86_64):

 

bash-3.2-147.14.20.1

bash-doc-3.2-147.14.20.1

libreadline5-32bit-5.2-147.14.20.1

libreadline5-5.2-147.14.20.1

readline-doc-5.2-147.14.20.1

 

 

References:

 

http://support.novell.com/security/cve/CVE-2014-6271.html

https://bugzilla.suse.com/896776

http://download.suse.com/patch/finder/?keywords=634668818756ed213c0d0c593816875e

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org