BASH - CVE-2014-6271

upen upendra.gandhi at gmail.com
Thu Sep 25 13:45:13 CEST 2014


Hi Dan and Yann,

On Thu, Sep 25, 2014 at 2:15 AM, Yann Rouillard <yann at pleiades.fr.eu.org> wrote:
> Hi,
>
> Yes, it is vulnerable.
> But bash-4.3.25,REV=2014.09.25 mitigates this security issue, you will find
> this package in my experimental repository
> http://buildfarm.opencsw.org/opencsw/experimental/yann and it will soon land
> in unstable and testing repositories.
>
> However the story is not finished as the current fix doesn't yet solve all
> the problems, another CVE has been issued to track the remaining ones:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
>
> Expect another update when the new security fix is out.
>
> Yann
>

Thank you very much for that information. Meanwhile I had compiled my
own bash binary using source package and the patch. But I wasn't
really aware there is another issue not fixed yet. Glad I posted this
question.

Thanks again.
Upen


More information about the users mailing list