SUSE: 2014:1247-1 Important: Bash Injection Security Issues

suse

September 28, 2014

An update that fixes three vulnerabilities is now available

Summary

The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances (CVE-2014-7169). Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 and is less serious due to the special, non-default system configuration that is needed to create an exploitable situation. To remove further exploitation potential we now limit the function-in-environment variable to variables prefixed with BASH_FUNC_. This hardening feature is work in progress and might be improved in later updates. Additionally, two other security issues have been fixed: * CVE-2014-7186: Nested HERE documents could lead to a crash of bash.

Topics Covered

security advisory system crash important security issue SUSE Linux Enterprise bash injection

References

#898346 #898603 #898604

Cross- CVE-2014-7169 CVE-2014-7186 CVE-2014-7187

Affected Products:

SUSE Linux Enterprise Software Development Kit 11 SP3

SUSE Linux Enterprise Server 11 SP3 for VMware

SUSE Linux Enterprise Server 11 SP3

SUSE Linux Enterprise Server 11 SP2 LTSS

SUSE Linux Enterprise Server 11 SP1 LTSS

SUSE Linux Enterprise Server 10 SP4 LTSS

SUSE Linux Enterprise Server 10 SP3 LTSS

SUSE Linux Enterprise Desktop 11 SP3

https://www.suse.com/security/cve/CVE-2014-7169.html

https://www.suse.com/security/cve/CVE-2014-7186.html

https://www.suse.com/security/cve/CVE-2014-7187.html

https://bugzilla.suse.com/show_bug.cgi?id=898346

https://bugzilla.suse.com/show_bug.cgi?id=898603

https://bugzilla.suse.com/show_bug.cgi?id=898604

https://scc.suse.com:443/patches/

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2014:1247-1

Rating: important

Topics Covered

security advisory system crash important security issue SUSE Linux Enterprise bash injection

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2014:1247-1 Important: Bash Injection Security Issues

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2014:1247-1 Important: Bash Injection Security Issues

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!