BASH - CVE-2014-6271

upen upendra.gandhi at gmail.com
Fri Sep 26 21:16:32 CEST 2014


Excellent. Thanks so much Yann and the CSW team.

On Fri, Sep 26, 2014 at 2:14 PM, Yann Rouillard <yann at pleiades.fr.eu.org> wrote:
> Hi Upendra,
>
> FYI, the new security fix is out. The last opencsw bash package,
> bash-4.3.25,REV=2014.09.26, contains that fix and is not vulnerable to
> CVE-2014-7169. It should land soon in stable, testing and unstable
> repositories on all opencsw mirrors.
>
> Yann
>
>
> 2014-09-25 13:45 GMT+02:00 upen <upendra.gandhi at gmail.com>:
>>
>> Hi Dan and Yann,
>>
>> On Thu, Sep 25, 2014 at 2:15 AM, Yann Rouillard <yann at pleiades.fr.eu.org>
>> wrote:
>> > Hi,
>> >
>> > Yes, it is vulnerable.
>> > But bash-4.3.25,REV=2014.09.25 mitigates this security issue, you will
>> > find
>> > this package in my experimental repository
>> > http://buildfarm.opencsw.org/opencsw/experimental/yann and it will soon
>> > land
>> > in unstable and testing repositories.
>> >
>> > However the story is not finished as the current fix doesn't yet solve
>> > all
>> > the problems, another CVE has been issued to track the remaining ones:
>> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
>> >
>> > Expect another update when the new security fix is out.
>> >
>> > Yann
>> >
>>
>> Thank you very much for that information. Meanwhile I had compiled my
>> own bash binary using source package and the patch. But I wasn't
>> really aware there is another issue not fixed yet. Glad I posted this
>> question.
>>
>> Thanks again.
>> Upen
>
>



-- 
upen,
emerge -uD life (Upgrade Life with dependencies)


More information about the users mailing list