
Scientific Linux: SLSA-2014:1293-1 Critical Bash Remote Exec Issue

Critical: bash security update
Date: Tue, 23 Sep 2014 09:20:13 -0500
Reply-To: Bonnie King 
Sender: Security Errata for Scientific Linux
 
From: Bonnie King 
Subject: FASTBUGS for SL 6x i386, x86_64 now available
In-Reply-To: <54184186.8070708@fnal.gov>
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
device-mapper-multipath-0.4.9-72.el6_5.4.i686.rpm
device-mapper-multipath-libs-0.4.9-72.el6_5.4.i686.rpm
hwloc-1.5-3.el6_5.i686.rpm
hwloc-devel-1.5-3.el6_5.i686.rpm
kpartx-0.4.9-72.el6_5.4.i686.rpm

x86_64:
device-mapper-multipath-0.4.9-72.el6_5.4.x86_64.rpm
device-mapper-multipath-libs-0.4.9-72.el6_5.4.x86_64.rpm
hwloc-1.5-3.el6_5.i686.rpm
hwloc-1.5-3.el6_5.x86_64.rpm
hwloc-devel-1.5-3.el6_5.i686.rpm
hwloc-devel-1.5-3.el6_5.x86_64.rpm
kpartx-0.4.9-72.el6_5.4.x86_64.rpm

Date: Wed, 24 Sep 2014 16:12:56 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Critical: bash on SL5.x, SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Critical: bash security update
Advisory ID: SLSA-2014:1293-1
Issue Date: 2014-09-24
CVE Numbers: CVE-2014-6271
--

A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override or
bypass environment restrictions to execute shell commands. Certain
services and applications allow remote unauthenticated attackers to
provide environment variables, allowing them to exploit this issue.
(CVE-2014-6271)

For additional information on the CVE-2014-6271 flaw, refer to https://www.redhat.com/en/blog/bash-specially-crafted-environment-variables-code-injection-attack
--

SL5
  x86_64
    bash-3.2-33.el5.1.x86_64.rpm
    bash-debuginfo-3.2-33.el5.1.x86_64.rpm
  i386
    bash-3.2-33.el5.1.i386.rpm
    bash-debuginfo-3.2-33.el5.1.i386.rpm
SL6
  x86_64
    bash-4.1.2-15.el6_5.1.x86_64.rpm
    bash-debuginfo-4.1.2-15.el6_5.1.x86_64.rpm
    bash-doc-4.1.2-15.el6_5.1.x86_64.rpm
  i386
    bash-4.1.2-15.el6_5.1.i686.rpm
    bash-debuginfo-4.1.2-15.el6_5.1.i686.rpm
    bash-doc-4.1.2-15.el6_5.1.i686.rpm

- Scientific Linux Development Team
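
A host-side check for the fixed builds listed above, added here as an example and not part of the Scientific Linux advisory: it compares an installed bash version and release against the SL5 and SL6 builds from the package list, using a simplified rpm-style segment comparison. The helper names and sample lines are constructed for illustration, and bash is assumed to carry no epoch.

```python
import re

# Fixed bash builds (version, release) copied from the advisory's package list.
FIXED = {"el5": ("3.2", "33.el5.1"), "el6": ("4.1.2", "15.el6_5.1")}

def _segments(s):
    # rpm compares runs of digits and runs of letters; separators are skipped.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Segment-wise compare in the style of rpm: returns -1, 0 or 1.
    Simplification: tilde and caret ordering are not handled."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(version, release):
    """True if an installed bash build is at or above the advisory's fix."""
    m = re.search(r"\.(el[56])", release)
    if not m:
        raise ValueError("not an SL5/SL6 build: %r" % release)
    fixed_version, fixed_release = FIXED[m.group(1)]
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order >= 0

def check_line(line):
    # Expects one "VERSION RELEASE" line, as printed by:
    #   rpm -q --qf '%{VERSION} %{RELEASE}\n' bash
    version, release = line.split()
    return is_patched(version, release)

if __name__ == "__main__":
    # Constructed sample lines, not taken from any real host.
    for sample in ("4.1.2 15.el6_5.1", "4.1.2 15.el6_4", "3.2 32.el5_9.1"):
        print(sample, "patched" if check_line(sample) else "NEEDS UPDATE")
```

A result of "patched" means only that the installed build is at or above the one this advisory lists.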