[bash 0005208]: Major vulnerabilities in bash
Mantis Bug Tracker via bug-notifications
bug-notifications at lists.opencsw.org
Thu Sep 25 10:40:27 CEST 2014
A NOTE has been added to this issue.
======================================================================
https://www.opencsw.org/mantis/view.php?id=5208
======================================================================
Reported By: laurent
Assigned To:
======================================================================
Project: bash
Issue ID: 5208
Category: regular use
Reproducibility: have not tried
Severity: block
Priority: normal
Status: new
======================================================================
Date Submitted: 2014-09-25 09:46 CEST
Last Modified: 2014-09-25 10:40 CEST
======================================================================
Summary: Major vulnerabilities in bash
Description:
It's been reported that the recently announced vulnerabilities in bash are
impacting OpenCSW's.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
======================================================================
----------------------------------------------------------------------
(0010922) laurent (developer) - 2014-09-25 10:40
https://www.opencsw.org/mantis/view.php?id=5208#c10922
----------------------------------------------------------------------
>From the m/l:
Hi,
Yes, it is vulnerable.
But bash-4.3.25,REV=2014.09.25 mitigates this security issue, you will find
this package in my experimental repository
http://buildfarm.opencsw.org/opencsw/experimental/yann and it will soon
land in unstable and testing repositories.
However the story is not finished as the current fix doesn't yet solve all
the problems, another CVE has been issued to track the remaining ones:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
Expect another update when the new security fix is out.
Yann
More information about the bug-notifications
mailing list