Re: Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271

To: debian-user@lists.debian.org
Subject: Re: Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271
From: John Hasler <jhasler@newsguy.com>
Date: Wed, 24 Sep 2014 16:25:58 -0500
Message-id: <[🔎] 87iokcbti1.fsf@thumper.dhh.gt.org>
Reply-to: jhasler@newsguy.com (John Hasler)
In-reply-to: <[🔎] 20140924165250.2351e397@mydesq2.domain.cxm> (Steve Litt's message of "Wed, 24 Sep 2014 16:52:50 -0400")
References: <[🔎] 20140924165250.2351e397@mydesq2.domain.cxm>

-------------------------------------------------------------------------
Debian Security Advisory DSA-3032-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
September 24, 2014                     http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : bash
CVE ID         : CVE-2014-6271

Stephane Chazelas discovered a vulnerability in bash, the GNU
Bourne-Again Shell, related to how environment variables are
processed.  In many common configurations, this vulnerability is
exploitable over the network, especially if bash has been configured
as the system shell.

For the stable distribution (wheezy), this problem has been fixed in
version 4.2+dfsg-0.1+deb7u1.

We recommend that you upgrade your bash packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

You should be subscribed.
-- 
John Hasler 
jhasler@newsguy.com
Elmwood, WI USA

Reply to:

Follow-Ups:
- Re: Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271
  - From: Steve Litt <slitt@troubleshooters.com>
- Re: Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271
  - From: Jonathan Dowland <jmtd@debian.org>

References:
- Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271)
  - From: Steve Litt <slitt@troubleshooters.com>

Prev by Date: Re: Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271)
Next by Date: Re: systemd bug closed - next steps?
Previous by thread: Re: Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271)
Next by thread: Re: Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271
Index(es):
- Date
- Thread