Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Ubuntu 14.04 LTS: USN-2380-1 Severe: Bash Code Execution Risk

ubuntu
Calendar Grey October 9, 2014
Scroller Ubuntu
A series of vulnerabilities in Bash addressed in recent Ubuntu updates affecting several iterations, posing risks for arbitrary code execution.
Several security issues were fixed in Bash.

Summary

Several security issues were fixed in Bash.

Software Description:

- bash: GNU Bourne Again SHell

Details:

Michal Zalewski discovered that Bash incorrectly handled parsing certain

function definitions. If an attacker were able to create an environment

variable containing a function definition with a very specific name, these

issues could possibly be used to bypass certain environment restrictions

and execute arbitrary code. (CVE-2014-6277, CVE-2014-6278)

Please note that the previous Bash security update, USN-2364-1, includes

a hardening measure that prevents these issues from being used in a

Shellshock attack.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  bash                            4.3-7ubuntu1.5

Ubuntu 12.04 LTS:
  bash                            4.2-2ubuntu2.6

Ubuntu 10.04 LTS:
  bash                            4.1-2ubuntu3.5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2380-1

CVE-2014-6277, CVE-2014-6278

Severity
critical
Lowest
Low
Medium
High
Critical

October 09, 2014

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.