Univention Bugzilla – Full Text Bug Listing

Summary: | bash: Missing sanitising (4.0) | |
---|---|---|---|
Product: | UCS | Reporter: | Stefan Gohmann <gohmann> |
Component: | Security updates | Assignee: | Janek Walkenhorst <walkenhorst> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | |
Priority: | P3 | CC: | gohmann, jmm, michelsmidt, najjar, walkenhorst |
Version: | UCS 4.0 | Keywords: | interim-2 |
Target Milestone: | UCS 4.0 | |
Hardware: | Other | |
OS: | Linux | |
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | | Enterprise Customer affected?: | |
School Customer affected?: | | ISV affected?: | |
Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
Ticket number: | | Bug group (optional): | |
Max CVSS v3 score: | | |
Bug Depends on: | 35992 | |
Bug Blocks: | | |
Description
Stefan Gohmann
2014-10-02 11:03:33 CEST
OK: CVE-2014-6271 CVE-2014-7169
OK: zless /usr/share/doc/bash/changelog.Debian.gz
OK: dpkg-query -W bash # 4.2+dfsg-0.1.46.201410021458
OK: env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
OK: cd /tmp;rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date";cat /tmp/echo
OK: amd64/bash_4.2+dfsg-0.1.46.201410021458_amd64.deb
OK: i386/bash_4.2+dfsg-0.1.46.201410021458_i386.deb
OK: isoinfo -f -R -i isotests/ucs_4.0-0-latest-amd64.iso | grep bash_
    /amd64/bash_4.2+dfsg-0.1.46.201410021458_amd64.deb
TODO: isoinfo -f -R -i isotests/ucs_4.0-0-latest-i386.iso | grep bash_
    /i386/bash_4.2+dfsg-0.1.29.201403141200_i386.deb
FIXED: isoinfo -f -R -i isotests/ucs_4.0-0-20141006-095844-dvd-i386.iso |grep bash_
    /i386/bash_4.2+dfsg-0.1.46.201410021458_i386.deb

UCS 4.0-0 has been released:
http://docs.univention.de/release-notes-4.0-0-en.html
http://docs.univention.de/release-notes-4.0-0-de.html

If this error occurs again, please use "Clone This Bug".