bash-4.1.2-15.AXS4.1
Errata ID: AXSA:2014-549:01
Release date:
Thursday, September 25, 2014 - 10:50
Subject:
bash-4.1.2-15.AXS4.1
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
The GNU Bourne Again shell (Bash) is a shell or command language
interpreter that is compatible with the Bourne shell (sh). Bash
incorporates useful features from the Korn shell (ksh) and the C shell
(csh). Most sh scripts can be run by bash without modification.
Security issues fixed with this release:
CVE-2014-6271
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Please see the CVE link below for more information.
Solution:
Update the package.
CVEs:
CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
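A defensive audit for the condition the CVE-2014-6271 description names (a trailing string after a function definition in an environment value), added here as an example; it is not code from this advisory or from the Bash project. It assumes the pre-patch export format in which such values begin with `() {`; the function names and the sample environment are constructed for illustration, and the brace matching is a heuristic that ignores quoting.

```python
import re

# Assumption: pre-patch Bash imported any environment value that starts with
# "() {" as a function definition. This prefix is what the audit keys on.
FUNC_PREFIX = re.compile(r"^\(\)\s*\{")


def classify_env_value(value):
    """Return (verdict, trailer) for one environment variable value.

    verdict is "plain", "function", "function+trailer" or "malformed-function".
    """
    if not FUNC_PREFIX.match(value):
        return ("plain", "")
    depth = 0
    for i, ch in enumerate(value):
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                # Anything after the closing brace is the "trailing string".
                trailer = value[i + 1:].strip()
                if trailer:
                    return ("function+trailer", trailer)
                return ("function", "")
    # Function prefix without a balanced body: treat as suspicious too.
    return ("malformed-function", "")


def audit_environment(pairs):
    """Return (name, verdict, trailer) for every value that is not plain."""
    findings = []
    for name, value in pairs:
        verdict, trailer = classify_env_value(value)
        if verdict != "plain":
            findings.append((name, verdict, trailer))
    return findings


# Constructed sample: an environment as a CGI handler might receive it.
SAMPLE_ENV = [
    ("PATH", "/usr/bin:/bin"),
    ("HTTP_ACCEPT", "text/html"),
    ("greet", "() {  echo hello\n}"),
    ("HTTP_USER_AGENT", "() { :; }; TRAILING_TEXT"),
    ("HTTP_COOKIE", "() { unterminated"),
]

if __name__ == "__main__":
    for name, verdict, trailer in audit_environment(SAMPLE_ENV):
        print(f"{name}: {verdict} {trailer!r}")
```

Any non-plain finding in a variable that is populated from a request header or other remote input deserves review, whether or not a trailer is present.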
Additional Info:
N/A
Download:
SRPMS
- bash-4.1.2-15.AXS4.1.src.rpm
MD5: 658b0d8de1d580b2448635bd65ffc5d8
SHA-256: a9d8a21d5fd8d96b1627e29b0fb2caea6d400b12bb56b4a30c541462e31472fd
Size: 6.36 MB
Asianux Server 4 for x86
- bash-4.1.2-15.AXS4.1.i686.rpm
MD5: c459f2eaf5b60ca972c1e5285c73eca0
SHA-256: 5124bea0ba4037cc41166c292fb40e098cc485f3229e128d6a084c178a32c8ce
Size: 886.11 kB
Asianux Server 4 for x86_64
- bash-4.1.2-15.AXS4.1.x86_64.rpm
MD5: 53b2dfe7dda426c53d336a5ec9238fb8
SHA-256: 5329915993d33887efcdd4d7c8aafad67cc4e43b3cb500bd14d844bd31b93d2e
Size: 903.84 kB