Alerts This Week
Warning Icon 1 659
Alerts This Week
Warning Icon 1 659

Ubuntu 14.04 LTS USN-2363-3 Severe: Bash Exploit Circumvent Issue

Calendar Sep 26, 2014 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical security fix ubuntu bypass bash environment restriction
Bash allowed bypassing environment restrictions in certain environments. 
=========================================================================Ubuntu Security Notice USN-2363-2
September 26, 2014

bash vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Bash allowed bypassing environment restrictions in certain environments.

Software Description:
- bash: GNU Bourne Again SHell

Details:

USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch
for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS
package. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Tavis Ormandy discovered that the security fix for Bash included in
 USN-2362-1 was incomplete. An attacker could use this issue to bypass
 certain environment restrictions. (CVE-2014-7169)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  bash                            4.3-7ubuntu1.3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2363-2
  https://ubuntu.com/security/notices/USN-2363-1
  CVE-2014-7169

Package Information:
  https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.3

Ubuntu 14.04 LTS USN-2363-3 Severe: Bash Exploit Circumvent Issue

ubuntu
Calendar Grey September 26, 2014
Dist Ubuntu Esm H88
Debian Security Advisory DSA-4841-1 tackles a significant Bash vulnerability that enables circumventing environmental limitations.
Bash allowed bypassing environment restrictions in certain environments.

Summary

Topics%20covered

Topics Covered

security advisory critical security fix ubuntu bypass bash environment restriction

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.3 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2363-2

https://ubuntu.com/security/notices/USN-2363-1

CVE-2014-7169

Severity
critical
Lowest
Low
Medium
High
Critical

September 26, 2014

Topics%20covered

Topics Covered

security advisory critical security fix ubuntu bypass bash environment restriction

Package Information

https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here