bash-4.1.2-15.AXS4.1

エラータID: AXSA:2014-549:01

リリース日: 
2014/09/25 Thursday - 10:50
題名: 
bash-4.1.2-15.AXS4.1
影響のあるチャネル: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- 現時点では CVE-2014-6271 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。

一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.


追加情報: 

N/A

ダウンロード: 

SRPMS
  1. bash-4.1.2-15.AXS4.1.src.rpm
    MD5: 658b0d8de1d580b2448635bd65ffc5d8
    SHA-256: a9d8a21d5fd8d96b1627e29b0fb2caea6d400b12bb56b4a30c541462e31472fd
    Size: 6.36 MB

Asianux Server 4 for x86
  1. bash-4.1.2-15.AXS4.1.i686.rpm
    MD5: c459f2eaf5b60ca972c1e5285c73eca0
    SHA-256: 5124bea0ba4037cc41166c292fb40e098cc485f3229e128d6a084c178a32c8ce
    Size: 886.11 kB

Asianux Server 4 for x86_64
  1. bash-4.1.2-15.AXS4.1.x86_64.rpm
    MD5: 53b2dfe7dda426c53d336a5ec9238fb8
    SHA-256: 5329915993d33887efcdd4d7c8aafad67cc4e43b3cb500bd14d844bd31b93d2e
    Size: 903.84 kB