bash-3.2-33.AXS3.1
エラータID: AXSA:2014-548:01
Description :
The GNU Bourne Again shell (Bash) is a shell or command language
interpreter that is compatible with the Bourne shell (sh). Bash
incorporates useful features from the Korn shell (ksh) and the C shell
(csh). Most sh scripts can be run by bash without modification. This
package (bash) contains bash version 3.2, which improves POSIX
compliance over previous versions.
Security issues fixed with this release:
CVE-2014-6271
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Please see below CVE's link for more information.
update package.
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
N/A
Asianux Server 3 for x86
- bash-3.2-33.AXS3.1.i386.rpm
MD5: b1a7a3c312e4c82bad714bf3f4ca72e8
SHA-256: 5f620c3ca555fb6b540650e1a8c328dc3121e3c1b29954a65e0965a01e8619c0
Size: 1.79 MB
Asianux Server 3 for x86_64
- bash-3.2-33.AXS3.1.x86_64.rpm
MD5: 5ca0cbf1d3efe4cdc89219204ee7da25
SHA-256: 0a6cb06dd1c422f48cc0d18ebf57468173d899312918334cb62fab1a8163e4fd
Size: 1.81 MB