Thursday, September 25, 2014

USN-2363-2: Bash vulnerability

Ubuntu Security Notice USN-2363-2


25th September, 2014


bash vulnerability


A security issue affects these releases of Ubuntu and its derivatives:



  • Ubuntu 14.04 LTS


Summary


Bash allowed bypassing environment restrictions in certain environments.


Software description



  • bash - GNU Bourne Again SHell


Details


USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch

for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS

package. This update fixes the problem.


We apologize for the inconvenience.


Original advisory details:


Tavis Ormandy discovered that the security fix for Bash included in

USN-2362-1 was incomplete. An attacker could use this issue to bypass

certain environment restrictions. (CVE-2014-7169)


Update instructions


The problem can be corrected by updating your system to the following package version:



Ubuntu 14.04 LTS:

bash 4.3-7ubuntu1.3


To update your system, please follow these instructions: http://bit.ly/1aJDvTw.


In general, a standard system update will make all the necessary changes.


References


CVE-2014-7169






from Ubuntu Security Notices http://bit.ly/YfeHlJ
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)