Bash vulnerabilities

2014-09-27T00:00:00
ID USN-2364-1
Type ubuntu
Reporter Ubuntu
Modified 2014-09-27T00:00:00

Description

Florian Weimer and Todd Sabin discovered that the Bash parser incorrectly handled memory. An attacker could possibly use this issue to bypass certain environment restrictions and execute arbitrary code. (CVE-2014-7186, CVE-2014-7187)

In addition, this update introduces a hardening measure which adds prefixes and suffixes around environment variable names which contain shell functions.