bash (critical)

2014-09-29T14:04:19
ID OPENSUSE-SU-2014:1254-1
Type suse
Reporter Suse
Modified 2014-09-29T14:04:19

Description

bash was updated to fix command injection via environment variables. (CVE-2014-6271,CVE-2014-7169)

Also a hardening patch was applied that only imports functions over BASH_FUNC_ prefixed environment variables.

Also fixed: CVE-2014-7186, CVE-2014-7187: bad handling of HERE documents and for loop issue