[oss-security] Re: CVE-2014-6271: remote code execution through bash

2014-09-25T00:00:00
ID SECURITYVULNS:DOC:31106
Type securityvulns
Reporter Securityvulns
Modified 2014-09-25T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

MITRE is currently using CVE-2014-7169 to track the report of the incomplete patch, i.e., incorrect function parsing that's present in builds that are up-to-date with the http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025 changes. We realize that other people may be releasing further information about the technical details and implications later. CVE-2014-7169 expresses the affected upstream versions as "GNU Bash through 4.3 bash43-025" -- in general, this would include distribution packages released earlier today (2014-09-24).


CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUI3DaAAoJEKllVAevmvms+/kH/32ZGjC+BSqKoz6ZBUCMLnQ2 +Li91/GvD0Rs8bqKPDsz30spiJR57ZluKMrlxJrlIffiHqAFiYkQ3+JXmnK/HAnA OtgToNtZ+1BV2jPrjXhuy2h+E5paTXMhM0T12xaUo89vtE7oer4Pld4JDqreXSSk 1Nfu5AaGcvbBmwaNRn1qw+nARw0CFPmMRa169jQAesAAcyNx8V7IPgFpPj4K4S8c 0zKXVdhIZxXvPcdZ5QzXKhcluOyOl1dJsjXR1qXT03QJsvhRighqb/3dZy+4mLyl JWhDfs7l8XXGCzbF8eSg2CNBpTGy1d/32F7YqaKj53xWFWyktHtbk4nJ5hlPlKU= =E9tp -----END PGP SIGNATURE-----