MGASA-2014-0393

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0393.html

Import Source

https://advisories.mageia.org/MGASA-2014-0393.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2014-0393

Related

CVE-2014-7169

Published

2014-09-28T12:17:31Z

Modified

2014-09-28T11:49:31Z

Summary

Updated bash packages fix CVE-2014-7169

Details

Updated bash packages fix security vulnerability:

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue (CVE-2014-7169).

Bash has been updated to version 4.2 patch level 49 to fix this issue.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / bash

Package

Name: bash
Purl: pkg:rpm/mageia/bash?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.2-49.1.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / bash

Package

Name: bash
Purl: pkg:rpm/mageia/bash?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.2-49.1.mga3

Ecosystem specific

{
    "section": "core"
}