Date:         Tue, 23 Sep 2014 09:20:13 -0500
Reply-To:     Bonnie King 
Sender:       Security Errata for Scientific Linux
              
From:         Bonnie King 
Subject:      FASTBUGS for SL 6x i386, x86_64 now available
Comments: To: scientific-linux-errata@fnal.gov
In-Reply-To:  <54184186.8070708@fnal.gov>
MIME-Version: 1.0

The following FASTBUGS have been uploaded to


i386:
device-mapper-multipath-0.4.9-72.el6_5.4.i686.rpm
device-mapper-multipath-libs-0.4.9-72.el6_5.4.i686.rpm
hwloc-1.5-3.el6_5.i686.rpm
hwloc-devel-1.5-3.el6_5.i686.rpm
kpartx-0.4.9-72.el6_5.4.i686.rpm

x86_64:
device-mapper-multipath-0.4.9-72.el6_5.4.x86_64.rpm
device-mapper-multipath-libs-0.4.9-72.el6_5.4.x86_64.rpm
hwloc-1.5-3.el6_5.i686.rpm
hwloc-1.5-3.el6_5.x86_64.rpm
hwloc-devel-1.5-3.el6_5.i686.rpm
hwloc-devel-1.5-3.el6_5.x86_64.rpm
kpartx-0.4.9-72.el6_5.4.x86_64.rpm

Date:         Wed, 24 Sep 2014 16:12:56 +0000
Reply-To:     scientific-linux-users@listserv.fnal.gov
Sender:       Security Errata for Scientific Linux
              
From:         Pat Riehecky 
Subject:      Security ERRATA Critical: bash on SL5.x, SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis:          Critical: bash security update
Advisory ID:       SLSA-2014:1293-1
Issue Date:        2014-09-24
CVE Numbers:       CVE-2014-6271
--

A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override or
bypass environment restrictions to execute shell commands. Certain
services and applications allow remote unauthenticated attackers to
provide environment variables, allowing them to exploit this issue.
(CVE-2014-6271)

For additional information on the CVE-2014-6271 flaw, refer to https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
--

SL5
  x86_64
    bash-3.2-33.el5.1.x86_64.rpm
    bash-debuginfo-3.2-33.el5.1.x86_64.rpm
  i386
    bash-3.2-33.el5.1.i386.rpm
    bash-debuginfo-3.2-33.el5.1.i386.rpm
SL6
  x86_64
    bash-4.1.2-15.el6_5.1.x86_64.rpm
    bash-debuginfo-4.1.2-15.el6_5.1.x86_64.rpm
    bash-doc-4.1.2-15.el6_5.1.x86_64.rpm
  i386
    bash-4.1.2-15.el6_5.1.i686.rpm
    bash-debuginfo-4.1.2-15.el6_5.1.i686.rpm
    bash-doc-4.1.2-15.el6_5.1.i686.rpm

- Scientific Linux Development Team
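
A way to check a host inventory against the fixed bash builds listed in the advisory above. This is an added example, not part of the original message and not code from the Scientific Linux team. The function names and the sample inventory are constructed for illustration, input lines are assumed to be in default `rpm -q` form (name-version-release.arch), and the version comparison is a simplified form of rpm's that ignores epochs and the '~' and '^' operators.

```python
import re

# Fixed bash builds per release, copied from the advisory's package list.
FIXED = {"el5": ("3.2", "33.el5.1"), "el6": ("4.1.2", "15.el6_5.1")}

# Constructed sample inventory in default `rpm -q` form (name-version-release.arch).
SAMPLE = [
    "bash-4.1.2-15.el6_4.x86_64", "bash-4.1.2-15.el6_5.1.x86_64",
    "bash-3.2-32.el5_9.1.i386", "bash-3.2-33.el5.1.i386",
    "kpartx-0.4.9-72.el6_5.4.x86_64",
]

def rpmvercmp(a, b):
    """Compare version/release strings segment by segment (simplified rpm rules)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing segments are newer

def parse_nvra(pkg):
    """Split 'name-version-release.arch' (optional '.rpm' suffix) into its parts."""
    pkg = re.sub(r"\.rpm$", "", pkg.strip())
    nvr, arch = pkg.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def is_patched(pkg):
    """True if a bash build is at or above the fixed build for its release."""
    name, version, release, _ = parse_nvra(pkg)
    dist = re.search(r"\.(el\d+)", release)
    if name != "bash" or not dist or dist.group(1) not in FIXED:
        raise ValueError("not a bash build covered by this advisory: " + pkg)
    fixed_version, fixed_release = FIXED[dist.group(1)]
    return (rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)) >= 0

def audit(lines):
    """Return {package: 'patched' | 'NEEDS UPDATE'} for the bash entries only."""
    bash = [l.strip() for l in lines if parse_nvra(l)[0] == "bash"]
    return {p: "patched" if is_patched(p) else "NEEDS UPDATE" for p in bash}

if __name__ == "__main__":
    for pkg, status in audit(SAMPLE).items():
        print(f"{status:12} {pkg}")
```

On a live host the input lines would come from `rpm -q bash`; a build reported as patched here only means it is at or above the build named in this advisory.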
