Alerts This Week
Warning Icon 1 541
Alerts This Week
Warning Icon 1 541

SUSE: 2014:1223-1 Important: Risk of Bash Code Execution Vulnerability

suse
Calendar Grey September 27, 2014
Dist Suse Esm H88
SUSE Security Bulletin reveals an urgent patch for bash, addressing a significant vulnerability impacting SUSE Manager.
An update that fixes one vulnerability is now available

Summary

bash has been updated to fix a critical security issue. In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash scripts. (CVE-2014-6271) Security Issues: * CVE-2014-6271 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-bash-9764 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.7 for SLE 11 SP2 (x86_64): bash-3.2-147.14.20.1 bash-doc-3.2-147.14.20.1 libreadline5-32bit-5.2-147.14.20.1

Topics%20covered

Topics Covered

security advisory security issue critical code execution patch bash SUSE Manager

References

#896776

Cross- CVE-2014-6271

Affected Products:

SUSE Manager 1.7 for SLE 11 SP2

https://www.suse.com/security/cve/CVE-2014-6271.html

https://bugzilla.suse.com/show_bug.cgi?id=896776

https://scc.suse.com:443/patches/

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2014:1223-1
Rating: critical

Topics%20covered

Topics Covered

security advisory security issue critical code execution patch bash SUSE Manager

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here