BASH - CVE-2014-6271
Yann Rouillard
yann at pleiades.fr.eu.org
Fri Sep 26 21:14:13 CEST 2014
Hi Upendra,
FYI, the new security fix is out. The last opencsw bash
package, bash-4.3.25,REV=2014.09.26, contains that fix and is not
vulnerable to CVE-2014-7169
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>. It should
land soon in stable, testing and unstable repositories on all opencsw
mirrors.
Yann
2014-09-25 13:45 GMT+02:00 upen <upendra.gandhi at gmail.com>:
> Hi Dan and Yann,
>
> On Thu, Sep 25, 2014 at 2:15 AM, Yann Rouillard <yann at pleiades.fr.eu.org>
> wrote:
> > Hi,
> >
> > Yes, it is vulnerable.
> > But bash-4.3.25,REV=2014.09.25 mitigates this security issue, you will
> find
> > this package in my experimental repository
> > http://buildfarm.opencsw.org/opencsw/experimental/yann and it will soon
> land
> > in unstable and testing repositories.
> >
> > However the story is not finished as the current fix doesn't yet solve
> all
> > the problems, another CVE has been issued to track the remaining ones:
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
> >
> > Expect another update when the new security fix is out.
> >
> > Yann
> >
>
> Thank you very much for that information. Meanwhile I had compiled my
> own bash binary using source package and the patch. But I wasn't
> really aware there is another issue not fixed yet. Glad I posted this
> question.
>
> Thanks again.
> Upen
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencsw.org/pipermail/users/attachments/20140926/b35589c9/attachment.html>
More information about the users
mailing list