Anonymous | Login | 2024-04-26 06:57 CEST |
Main | My View | View Issues |
Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
0005208 | [bash] regular use | block | have not tried | 2014-09-25 09:46 | 2014-09-28 00:29 | ||
Reporter | laurent | View Status | public | ||||
Assigned To | yann | ||||||
Priority | normal | Resolution | fixed | ||||
Status | closed | ||||||
Summary | 0005208: Major vulnerabilities in bash | ||||||
Description |
It's been reported that the recently announced vulnerabilities in bash are impacting OpenCSW's. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271 [^] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169 [^] |
||||||
Additional Information | I've not checked myself yet, hence the tag above, but I don't doubt it's true. I'm in the process of assessing its impact on business, an OpenCSW package upgrade surely would help. | ||||||
Tags | No tags attached. | ||||||
Attached Files | |||||||
|
Notes | |
(0010922) laurent (developer) 2014-09-25 10:40 |
From the m/l: Hi, Yes, it is vulnerable. But bash-4.3.25,REV=2014.09.25 mitigates this security issue, you will find this package in my experimental repository http://buildfarm.opencsw.org/opencsw/experimental/yann [^] and it will soon land in unstable and testing repositories. However the story is not finished as the current fix doesn't yet solve all the problems, another CVE has been issued to track the remaining ones: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169 [^] Expect another update when the new security fix is out. Yann |
(0010926) yann (developer) 2014-09-28 00:11 |
Last package bash 4.3.25,REV=2014.09.26 contains the security fix for CVE 2014 7169 I am closing this bug. Yann |
Copyright © 2000 - 2008 Mantis Group |