Updated bash packages fix security vulnerabilities: Bash has been updated to version 4.2 patch level 50, which further mitigates ShellShock-type vulnerabilities. Two such issues have already been discovered (CVE-2014-6277, CVE-2014-6278). See the RedHat article on the backward-incompatible changes introduced by the latest patch, caused by adding prefixes and suffixes to the variable names used for exporting functions. Note that the RedHat article mentions these variable names will have parentheses “()” at the end of their names, however, the latest upstream patch uses two percent signs “%%” at the end instead. Two other unrelated security issues in the parser have also been fixed in this update (CVE-2014-7186, CVE-2014-7187).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchbash< 4.2-50.2bash-4.2-50.2.mga3
Mageia4noarchbash< 4.2-50.2bash-4.2-50.2.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	bash	< 4.2-50.2	bash-4.2-50.2.mga3
Mageia	4	noarch	bash	< 4.2-50.2	bash-4.2-50.2.mga4

References

access.redhat.com/articles/1200223

bugs.mageia.org/show_bug.cgi?id=14193

bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6277

bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6278

rhn.redhat.com/errata/RHSA-2014-1306.html

openvas 24

gentoo 1

nessus 50

seebug 2

exploitpack 4

packetstorm 4

ibm 49

citrix 1

checkpoint_advisories 1

securityvulns 5

kitploit 1

cisco 1

huawei 1

vmware 2

threatpost 2

f5 2

jvn 1

oraclelinux 5

zdt 3

nvidia 1

prion 4

freebsd 3

cve 4

ubuntu 2

cloudfoundry 1

lenovo 1

cert 1

exploitdb 2

suse 7

debiancve 1

ubuntucve 1

redhat 5

amazon 1

osv 1

centos 1

saint 3

veracode 1

openvas

Gentoo Security Advisory GLSA 201410-01

2015-09-29 00:00:00

Mageia: Security Advisory (MGASA-2014-0394)

2022-01-28 00:00:00

Citrix XenServer Shellshock Security Update (CTX200223)

2014-12-18 00:00:00

gentoo

Bash: Multiple vulnerabilities

2014-10-04 00:00:00

nessus

GLSA-201410-01 : Bash: Multiple vulnerabilities (Shellshock)

2014-10-06 00:00:00

McAfee Web Gateway GNU Bash Code Injection (SB10085) (Shellshock)

2014-11-12 00:00:00

Juniper Junos Space GNU Bash Command Injection Vulnerability (JSA10648) (Shellshock)

2014-12-22 00:00:00

seebug

GNU bash 4.3.11 Environment Variable dhclient Exploit

2014-10-10 00:00:00

Bash 4.3 远程命令执行漏洞 (破壳)

2014-09-26 00:00:00

exploitpack

GNU bash 4.3.11 - Environment Variable dhclient

2014-10-02 00:00:00

dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock)

2014-09-29 00:00:00

Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash

2014-10-27 00:00:00

packetstorm

GNU Bash 4.3.11 dhclient Shellshocker

2014-10-02 00:00:00

Bash Me Some More

2014-10-01 00:00:00

DNS Reverse Lookup Shellshock

2014-10-13 00:00:00

ibm

Security Bulletin: Vulnerabilities in Bash affect IBM Smart Analytics System 5600 (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

2018-06-16 13:58:11

Security Bulletin: Vulnerabilities in Bash affect multiple products shipped with Intelligent Cluster (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

2019-01-31 01:45:01

Security Bulletin: Vulnerabilities in Bash affect IBM System Storage Storwize V7000 Unified (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

2018-06-18 00:08:41

citrix

Citrix Security Advisory for GNU Bash Shellshock Vulnerabilities

2014-09-26 04:00:00

checkpoint_advisories

GNU Bash Remote Code Execution (CVE-2014-6271; CVE-2014-6277; CVE-2014-6278; CVE-2014-7169; CVE-2014-7186; CVE-2014-7187)

2014-09-25 00:00:00

securityvulns

CA20141001-01: Security Notice for Bash Shellshock Vulnerability

2014-10-13 00:00:00

the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)

2014-10-05 00:00:00

bash code execution

2014-10-13 00:00:00

kitploit

ShellShockHunter - It's A Simple Tool For Test Vulnerability Shellshock

2021-02-10 11:30:00

cisco

GNU Bash Environment Variable Command Injection Vulnerability

2014-09-26 01:00:00

huawei

Security Advisory-Bash Code Injection Vulnerability

2014-10-24 00:00:00

vmware

VMware product updates address critical Bash security vulnerabilities

2014-09-30 00:00:00

VMware product updates address critical Bash security vulnerabilities

2014-09-30 00:00:00

threatpost

Researcher Takes Wraps off Undisclosed Bash Vulnerabilities

2014-10-03 05:00:50

VMware Begins to Patch Bash Issues Across Product Line

2014-10-01 14:43:47

SOL15629 - Multiple GNU Bash vulnerabilities

2014-09-25 00:00:00

K15629 : Multiple GNU Bash vulnerabilities

2015-05-22 00:00:00

jvn

JVN#55667175: QNAP QTS vulnerable to OS command injection

2014-10-28 00:00:00

oraclelinux

bash security update

2014-11-20 00:00:00

bash security update

2014-11-20 00:00:00

bash security update

2014-11-20 00:00:00

zdt

DNS Reverse Lookup Shellshock Exploit

2014-10-14 00:00:00

Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Exploit (Shellshock)

2016-06-06 00:00:00

Cisco UCS Manager 2.1(1b) - Remote Exploit (Shellshock)

2016-03-16 00:00:00

nvidia

Security Bulletin: Vulnerabilities in Bash affect NVIDIA Tegra Linux L4T CVE 2014-6271, CVE 2014-7169, CVE 2014-7186, CVE 2014-7187, CVE 2014-6277, CVE 2014-6278

2015-03-03 00:00:00

prion

Design/Logic Flaw

2014-10-03 18:55:00

Design/Logic Flaw

2014-10-13 18:55:00

Design/Logic Flaw

2014-09-30 10:55:00

freebsd

bash -- remote code execution

2014-09-27 00:00:00

bash -- out-of-bounds memory access in parser

2014-09-25 00:00:00

rt42 -- vulnerabilities related to shellshock

2014-10-02 00:00:00

cve

CVE-2014-7227

2014-10-03 18:55:00

CVE-2014-3671

2014-10-13 18:55:00

CVE-2014-6278

2014-09-30 10:55:00

ubuntu

Bash vulnerabilities

2014-10-09 00:00:00

Bash vulnerabilities

2014-09-27 00:00:00

cloudfoundry

CVE-2014-7186 and CVE-2014-7187 - Bash Out of Bounds | Cloud Foundry

2014-09-29 00:00:00

lenovo

GNU Bourne-Again Shell (Bash) 'Shellshock'

2016-11-16 00:00:00

cert

GNU Bash shell executes commands in exported functions in environment variables

2014-09-25 00:00:00

exploitdb

dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock)

2014-09-29 00:00:00

GNU bash 4.3.11 - Environment Variable dhclient

2014-10-02 00:00:00

suse

Security update for Containment-Studio (important)

2014-10-14 01:05:00

Security update for bash (important)

2014-09-28 19:05:16

bash (critical)

2014-09-29 14:04:19

debiancve

CVE-2014-6278

2014-09-30 10:55:00

ubuntucve

CVE-2014-6278

2014-09-30 00:00:00

redhat

(RHSA-2014:1311) Important: bash security update

2014-09-26 00:00:00

(RHSA-2014:1865) Important: bash Shift_JIS security update

2014-11-17 00:00:00

(RHSA-2014:1306) Important: bash security update

2014-09-26 00:00:00

amazon

Important: bash

2014-09-24 22:26:00

osv

bash - security update

2014-09-26 00:00:00

centos

bash security update

2014-09-26 02:16:02

saint

Bash environment variable command injection in Cisco UCS Manager

2016-03-24 00:00:00

Bash environment variable command injection in Cisco UCS Manager

2016-03-24 00:00:00

Bash environment variable command injection in Cisco UCS Manager

2016-03-24 00:00:00

veracode

Arbitrary Code Execution

2019-05-02 05:11:45

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

Related for MGASA-2014-0394