
[opensuse-security] Re: [security-announce] SUSE-SU-2014:1247-1: important: Security update for bash



 What about releasing this patch for the NON LTSS versions as well?
 Considering the severity of this bug...!

On Sun, Sep 28, 2014 at 7:05 PM,  <opensuse-security@xxxxxxxxxxxx> wrote:
>    SUSE Security Update: Security update for bash
> ______________________________________________________________________________
>
> Announcement ID:    SUSE-SU-2014:1247-1
> Rating:             important
> References:         #898346 #898603 #898604
> Cross-References:   CVE-2014-7169 CVE-2014-7186 CVE-2014-7187
>
> Affected Products:
>                     SUSE Linux Enterprise Software Development Kit 11 SP3
>                     SUSE Linux Enterprise Server 11 SP3 for VMware
>                     SUSE Linux Enterprise Server 11 SP3
>                     SUSE Linux Enterprise Server 11 SP2 LTSS
>                     SUSE Linux Enterprise Server 11 SP1 LTSS
>                     SUSE Linux Enterprise Server 10 SP4 LTSS
>                     SUSE Linux Enterprise Server 10 SP3 LTSS
>                     SUSE Linux Enterprise Desktop 11 SP3
> ______________________________________________________________________________
>
>    An update that fixes three vulnerabilities is now available.
>
> Description:
>
>
>    The command-line shell 'bash' evaluates environment variables, which
>    allows the injection of characters and might be used to access files on
>    the system in some circumstances (CVE-2014-7169).
>
>    Please note that this issue is different from a previously fixed
>    vulnerability tracked under CVE-2014-6271 and is less serious due to the
>    special, non-default system configuration that is needed to create an
>    exploitable situation.
>
>    To remove further exploitation potential we now limit the
>    function-in-environment variable to variables prefixed with BASH_FUNC_.
>    This hardening feature is work in progress and might be improved in later
>    updates.
>
>    Additionally, two other security issues have been fixed:
>
>        * CVE-2014-7186: Nested HERE documents could lead to a crash of bash.
>        * CVE-2014-7187: Nesting of for loops could lead to a crash of bash.
>
>    Security Issues:
>
>        * CVE-2014-7169
>          <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169>
>        * CVE-2014-7186
>          <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186>
>        * CVE-2014-7187
>          <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187>
>
>
> Patch Instructions:
>
>    To install this SUSE Security Update use YaST online_update.
>    Alternatively you can run the command listed for your product:
>
>    - SUSE Linux Enterprise Software Development Kit 11 SP3:
>
>       zypper in -t patch sdksp3-bash-9780
>
>    - SUSE Linux Enterprise Server 11 SP3 for VMware:
>
>       zypper in -t patch slessp3-bash-9780
>
>    - SUSE Linux Enterprise Server 11 SP3:
>
>       zypper in -t patch slessp3-bash-9780
>
>    - SUSE Linux Enterprise Server 11 SP2 LTSS:
>
>       zypper in -t patch slessp2-bash-9781
>
>    - SUSE Linux Enterprise Server 11 SP1 LTSS:
>
>       zypper in -t patch slessp1-bash-9782
>
>    - SUSE Linux Enterprise Desktop 11 SP3:
>
>       zypper in -t patch sledsp3-bash-9780
>
>    To bring your system up-to-date, use "zypper patch".
>
>
> Package List:
>
>    - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
>
>       readline-devel-5.2-147.22.1
>
>    - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):
>
>       readline-devel-32bit-5.2-147.22.1
>
>    - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
>
>       libreadline5-5.2-147.22.1
>
>    - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
>
>       bash-3.2-147.22.1
>       bash-doc-3.2-147.22.1
>       libreadline5-5.2-147.22.1
>       readline-doc-5.2-147.22.1
>
>    - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
>
>       libreadline5-32bit-5.2-147.22.1
>
>    - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
>
>       bash-3.2-147.22.1
>       bash-doc-3.2-147.22.1
>       libreadline5-5.2-147.22.1
>       readline-doc-5.2-147.22.1
>
>    - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
>
>       libreadline5-32bit-5.2-147.22.1
>
>    - SUSE Linux Enterprise Server 11 SP3 (ia64):
>
>       bash-x86-3.2-147.22.1
>       libreadline5-x86-5.2-147.22.1
>
>    - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64):
>
>       bash-3.2-147.14.22.1
>       bash-doc-3.2-147.14.22.1
>       libreadline5-5.2-147.14.22.1
>       readline-doc-5.2-147.14.22.1
>
>    - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64):
>
>       libreadline5-32bit-5.2-147.14.22.1
>
>    - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):
>
>       bash-3.2-147.14.22.1
>       bash-doc-3.2-147.14.22.1
>       libreadline5-5.2-147.14.22.1
>       readline-doc-5.2-147.14.22.1
>
>    - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64):
>
>       libreadline5-32bit-5.2-147.14.22.1
>
>    - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):
>
>       bash-3.1-24.34.1
>       readline-5.1-24.34.1
>       readline-devel-5.1-24.34.1
>
>    - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):
>
>       readline-32bit-5.1-24.34.1
>       readline-devel-32bit-5.1-24.34.1
>
>    - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
>
>       bash-3.1-24.34.1
>       readline-5.1-24.34.1
>       readline-devel-5.1-24.34.1
>
>    - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):
>
>       readline-32bit-5.1-24.34.1
>       readline-devel-32bit-5.1-24.34.1
>
>    - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
>
>       bash-3.2-147.22.1
>       bash-doc-3.2-147.22.1
>       libreadline5-5.2-147.22.1
>       readline-doc-5.2-147.22.1
>
>    - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
>
>       libreadline5-32bit-5.2-147.22.1
>
>
> References:
>
>    http://support.novell.com/security/cve/CVE-2014-7169.html
>    http://support.novell.com/security/cve/CVE-2014-7186.html
>    http://support.novell.com/security/cve/CVE-2014-7187.html
>    https://bugzilla.suse.com/show_bug.cgi?id=898346
>    https://bugzilla.suse.com/show_bug.cgi?id=898603
>    https://bugzilla.suse.com/show_bug.cgi?id=898604
>    http://download.suse.com/patch/finder/?keywords=01d7685e480d31be1641e84591918b9e
>    http://download.suse.com/patch/finder/?keywords=1143502d673561f6e5895393ba93df6f
>    http://download.suse.com/patch/finder/?keywords=7c3a2e9a2aa61a2702de17e1ed7a7f43
>    http://download.suse.com/patch/finder/?keywords=b6868a6fc575e34338a7d5fd7491f09f
>    http://download.suse.com/patch/finder/?keywords=d6f3fbe6b7cd7f9bd580be31dd2ada90
>



-- 
Met vriendelijke groet / Best regards,
Wilfred van Velzen
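
Added example (not part of the original message or of SUSE's patch): a defender's audit, based on the hardening described in the quoted advisory, that lists environment variables carrying a function export and reports whether each name has the BASH_FUNC_ prefix. It assumes the "() {" value marker bash uses for exported functions; the sample data and its variable names are constructed.

```python
import sys

FUNC_MARKER = "() {"            # value prefix bash gives an exported function
HARDENED_PREFIX = "BASH_FUNC_"  # name prefix named in the advisory

# Constructed sample in /proc/<pid>/environ layout (NUL-separated NAME=value).
# The names and the "%%" suffix are illustrative; the suffix is not checked.
SAMPLE = (b"PATH=/usr/bin:/bin\0"
          b"legacy_fn=() {  echo hi\n}\0"
          b"BASH_FUNC_greet%%=() {  echo hi\n}\0"
          b"TERM=xterm\0")


def parse_environ(blob):
    """Split a NUL-separated environ blob into (name, value) pairs."""
    pairs = []
    for entry in blob.split(b"\0"):
        name, sep, value = entry.decode("utf-8", "replace").partition("=")
        if sep and name:  # drop empty and malformed entries
            pairs.append((name, value))
    return pairs


def audit_environ(blob):
    """Report every variable whose value looks like a function export."""
    findings = []
    for name, value in parse_environ(blob):
        if not value.startswith(FUNC_MARKER):
            continue
        # Prefixed names are the only ones a hardened bash treats as
        # functions; unprefixed ones are only parsed by an unhardened bash.
        status = "prefixed" if name.startswith(HARDENED_PREFIX) else "unprefixed"
        findings.append({"name": name, "status": status})
    return findings


if __name__ == "__main__":
    # Usage: script.py [PID]; without a PID the constructed sample is audited.
    if len(sys.argv) > 1:
        with open(f"/proc/{sys.argv[1]}/environ", "rb") as fh:
            blob = fh.read()
    else:
        blob = SAMPLE
    for finding in audit_environ(blob):
        print(f"{finding['status']:<11}{finding['name']}")
```

An "unprefixed" finding on a long-running service is worth tracing back to whatever set the variable.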