
Critical vulnerability in the bash software package

  • OS details: LSU
  • Severity: URG
  • Operating systems: L
  • Categories: LSU

openSUSE Security Update: Important security fix for bash that allows the injection of commands.
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:1238-1
Rating: important
References: #896776
Cross-References: CVE-2014-6271
Affected Products:
openSUSE Evergreen 11.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update fixes a bug in the bash shell that allows an attacker to
execute arbitrary commands upon shell invocation if he can control the
shell’s environment. This is particularly dangerous if the shell is used
as a CGI interpreter for a web server, or if the shell handles untrusted
input inherited in the environment from other sources.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Evergreen 11.4:

zypper in -t patch 2014-86

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Evergreen 11.4 (i586 x86_64):

bash-4.1-20.31.1
bash-debuginfo-4.1-20.31.1
bash-debugsource-4.1-20.31.1
bash-devel-4.1-18.31.1
bash-loadables-4.1-18.31.1
bash-loadables-debuginfo-4.1-18.31.1
libreadline6-6.1-18.31.1
libreadline6-debuginfo-6.1-18.31.1
readline-devel-6.1-18.31.1

– openSUSE Evergreen 11.4 (x86_64):

bash-debuginfo-32bit-4.1-20.31.1
libreadline6-32bit-6.1-18.31.1
libreadline6-debuginfo-32bit-6.1-18.31.1
readline-devel-32bit-6.1-18.31.1

– openSUSE Evergreen 11.4 (noarch):

bash-doc-4.1-18.31.1
bash-lang-4.1-20.31.1
readline-doc-6.1-18.31.1

– openSUSE Evergreen 11.4 (ia64):

bash-debuginfo-x86-4.1-20.31.1
bash-x86-4.1-20.31.1
libreadline6-debuginfo-x86-6.1-18.31.1
libreadline6-x86-6.1-18.31.1

References:

http://support.novell.com/security/cve/CVE-2014-6271.html
https://bugzilla.suse.com/show_bug.cgi?id=896776



openSUSE Security Update: update for bash
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:1248-1
Rating: important
References: #896776
Affected Products:
openSUSE Evergreen 11.4
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for bash completely disables the importing of shell functions
from the environment and thereby removes the exposure of the parser from
an untrusted/harmful environment.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Evergreen 11.4:

zypper in -t patch 2014-90

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Evergreen 11.4 (i586 x86_64):

bash-4.1-20.35.1
bash-debuginfo-4.1-20.35.1
bash-debugsource-4.1-20.35.1
bash-devel-4.1-18.35.1
bash-loadables-4.1-18.35.1
bash-loadables-debuginfo-4.1-18.35.1
libreadline6-6.1-18.35.1
libreadline6-debuginfo-6.1-18.35.1
readline-devel-6.1-18.35.1

– openSUSE Evergreen 11.4 (x86_64):

bash-debuginfo-32bit-4.1-20.35.1
libreadline6-32bit-6.1-18.35.1
libreadline6-debuginfo-32bit-6.1-18.35.1
readline-devel-32bit-6.1-18.35.1

– openSUSE Evergreen 11.4 (noarch):

bash-doc-4.1-18.35.1
bash-lang-4.1-20.35.1
readline-doc-6.1-18.35.1

– openSUSE Evergreen 11.4 (ia64):

bash-debuginfo-x86-4.1-20.35.1
bash-x86-4.1-20.35.1
libreadline6-debuginfo-x86-6.1-18.35.1
libreadline6-x86-6.1-18.35.1

References:

https://bugzilla.suse.com/show_bug.cgi?id=896776
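
Both announcements locate the exposure in what a shell inherits through its environment. The following is an added example, not code from openSUSE or from this advisory: a Python filter that drops function-style values from an environment before a shell is started from it. The `() {` marker is an assumption about pre-update bash, and the function names and the sample environment are constructed.

```python
import os

# Assumption, not stated in the advisory: bash builds older than these updates
# pass an exported function to child shells as an environment value that
# begins with the four bytes "() {", and parse such a value at startup.
FUNC_PREFIX = b"() {"


def parse_environ(blob):
    """Parse a NUL-separated NAME=value block (the /proc/<pid>/environ layout)."""
    pairs = []
    for entry in blob.split(b"\0"):
        name, sep, value = entry.partition(b"=")
        if sep and name:  # skips the empty slot after the final NUL
            pairs.append((name, value))
    return pairs


def scrub(pairs):
    """Return (clean_env, flagged_names); function-style values are dropped."""
    clean, flagged = {}, []
    for name, value in pairs:
        if value.startswith(FUNC_PREFIX):
            flagged.append(name.decode("latin-1"))
        else:
            clean[name] = value
    return clean, flagged


# Constructed sample: a CGI-style environment in which one request header
# carries a function definition and one variable is a legitimately exported
# function. Both are removed, as the second update does for every import.
SAMPLE = (
    b"PATH=/usr/bin:/bin\0"
    b"HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64)\0"
    b"HTTP_COOKIE=() { :; }\0"
    b"greet=() {  echo hello\n}\0"
    b"NOTE=text with () { in the middle\0"
)

if __name__ == "__main__":
    # Audit the environment this process inherited.
    env, hits = scrub(list(os.environb.items()))
    print("function-style variables:", hits or "none")
```

The `clean_env` mapping can be passed as `env=` to `subprocess.run` on POSIX systems; the filter complements the package update and does not replace it.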



Author: Tomislav Protega
CERT ID: NCERT-REF-2014-09-0036-ADV
CVE: CVE-2014-6271
Source ID: openSUSE-SU-2014:1238-1
Product: bash
Source: http://www.suse.com