Serious Bash security vulnerabilities

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Serious Bash security vulnerabilities

From:	Ludovic Courtès
Subject:	Serious Bash security vulnerabilities
Date:	Thu, 25 Sep 2014 15:14:18 +0200
User-agent:	Gnus/5.130011 (Ma Gnus v0.11) Emacs/24.3 (gnu/linux)

Yesterday a serious Bash vulnerability was disclosed, which led to the
creation of the bash-cve-2014-6271 branch which is now half built:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
  http://seclists.org/oss-sec/2014/q3/650
  http://hydra.gnu.org/jobset/gnu/bash-cve-2014-6271

However, a few hours later, the fix was found to be incomplete:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169

Currently a patch has been posted by the Bash maintainer, but there have
been no reactions yet, and it’s not on ftp.gnu.org yet:

  http://seclists.org/oss-sec/2014/q3/690

We’ll apply it when as soon as there’s some confirmation that it does
solve the problem, and get Hydra to rebuild the whole thing.  We’ll
merge the branch as soon as a reasonable subset has been built.

Ludo’.

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Serious Bash security vulnerabilities, Ludovic Courtès <=
- Re: Serious Bash security vulnerabilities, Ludovic Courtès, 2014/09/26
  - Re: Serious Bash security vulnerabilities, Ludovic Courtès, 2014/09/26

Prev by Date: Re: [PATCH 3/3] gnu: Add scrot.
Next by Date: Re: [PATCH 3/3] gnu: Add scrot.
Previous by thread: [PATCH 3/3] gnu: Add scrot.
Next by thread: Re: Serious Bash security vulnerabilities
Index(es):
- Date
- Thread