Bug 4446 - bash vulnerability
: bash vulnerability
Status: RESOLVED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: unspecified
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-09-25 23:16 MSD by Rolf Pedersen
Modified: 2014-09-27 23:19 MSD (History)
1 user (show)

See Also:
RPM Package: bash-4.2-11.2.src.rpm
ISO-related:
Bad POT generating:
Upstream:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Rolf Pedersen 2014-09-25 23:16:32 MSD
https://access.redhat.com/node/1200223

Reportedly, there is a vulnerability in bash.  A test provided at the above page executes as follows:

[rolf@2012 ~]$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

Up to date:

[rolf@2012 ~]$ cat /etc/release 
ROSA Desktop Fresh R3 release 2012.1 for x86_64
[rolf@2012 ~]$ rpm -qa --last|grep bash
bash-completion-2.1-12-rosa2012.1.noarch      Mon 01 Sep 2014 06:05:04 PM PDT
bash-4.2-11.2-rosa2012.1.x86_64               Fri 25 Apr 2014 06:43:21 AM PDT
Comment 1 Denis Silakov 2014-09-27 23:19:18 MSD
Yes, though we are primarily concentrated on preparing R4 release based on a new platform/repositories, this bug is serious enough. Patched and published for R3.