BASH - CVE-2014-6271
yann at pleiades.fr.eu.org
Fri Sep 26 21:14:13 CEST 2014
FYI, the new security fix is out. The last opencsw bash
package, bash-4.3.25,REV=2014.09.26, contains that fix and is not
vulnerable to CVE-2014-7169
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>. It should
land soon in stable, testing and unstable repositories on all opencsw
2014-09-25 13:45 GMT+02:00 upen <upendra.gandhi at gmail.com>:
> Hi Dan and Yann,
> On Thu, Sep 25, 2014 at 2:15 AM, Yann Rouillard <yann at pleiades.fr.eu.org>
> > Hi,
> > Yes, it is vulnerable.
> > But bash-4.3.25,REV=2014.09.25 mitigates this security issue, you will
> > this package in my experimental repository
> > http://buildfarm.opencsw.org/opencsw/experimental/yann and it will soon
> > in unstable and testing repositories.
> > However the story is not finished as the current fix doesn't yet solve
> > the problems, another CVE has been issued to track the remaining ones:
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
> > Expect another update when the new security fix is out.
> > Yann
> Thank you very much for that information. Meanwhile I had compiled my
> own bash binary using source package and the patch. But I wasn't
> really aware there is another issue not fixed yet. Glad I posted this
> Thanks again.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users