[SECURITY] debian-lts-announce@lists.debian.org

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] debian-lts-announce@lists.debian.org
From: Florian Weimer <fw@deneb.enyo.de>
Date: Wed, 24 Sep 2014 17:22:27 +0200
Message-id: <[🔎] 87tx3xdowc.fsf@mid.deneb.enyo.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package        : bash
Version        : 4.1-3+deb6u1
CVE ID         : CVE-2014-6271

Stephane Chazelas discovered a vulnerability in bash, the GNU
Bourne-Again Shell, related to how environment variables are
processed.  In many common configurations, this vulnerability is
exploitable over the network, especially if bash has been configured
as the system shell.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJUIuoRAAoJEL97/wQC1SS+WOYH/0LnJcpr1Gqn7YIhooLLsTsk
goLiGFN2+UhSyLL5vmtgNXFfcRkK2lbZiF8JuMb4ztHQTA9rJbo8RbN1z6YgEhdV
hjICyHfleeL0R+EcQuwJpJ/QHBx1mV4fhgTZkHhzuj+GhckluZWye+Kt8lzu1lKP
b8w/ylhiq+b7fc1grUKAjdzANlrmJvQ/JLq38e/zD85qzgiLsR23Ox2uqTt/lJa6
bGtH7nSC6q57YNAak1OwT3LE4/Ho6zccsv6JPiq9suWI5CnU9OigYSotuFCskIs9
HwB96B+8c4tcfUxH5VLG18nilq/2QBLF0CR11N7vuluVio0haNz32DLHDOWafbk=
=PzVe
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 58-1] apt security update
Next by Date: [SECURITY] [DLA 60-1] icinga security update
Previous by thread: [SECURITY] [DLA 58-1] apt security update
Next by thread: [SECURITY] [DLA 60-1] icinga security update
Index(es):
- Date
- Thread