CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

USN-28-1: sudo vulnerability

Liam Helmer discovered an input validation flaw in sudo. When the standard shell "bash" starts up, it searches the environment for variables with a value beginning with "". For each of these variables a function with the same name is created, with the function body filled in from the environment...