-- Gian Uberto
Begin forwarded message: > Resent-From: [email protected] > From: John Hasler <[email protected]> > Date: 24. September 2014 23:25:58 MESZ > To: [email protected] > Subject: Re: Bash Code Injection Vulnerability via Specially Crafted > Environment Variables (CVE-2014-6271 > Reply-To: [email protected] (John Hasler) > > ------------------------------------------------------------------------- > Debian Security Advisory DSA-3032-1 [email protected] > http://www.debian.org/security/ Florian Weimer > September 24, 2014 http://www.debian.org/security/faq > ------------------------------------------------------------------------- > > Package : bash > CVE ID : CVE-2014-6271 > > Stephane Chazelas discovered a vulnerability in bash, the GNU > Bourne-Again Shell, related to how environment variables are > processed. In many common configurations, this vulnerability is > exploitable over the network, especially if bash has been configured > as the system shell. > > For the stable distribution (wheezy), this problem has been fixed in > version 4.2+dfsg-0.1+deb7u1. > > We recommend that you upgrade your bash packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://www.debian.org/security/ > > Mailing list: [email protected] > > You should be subscribed. > -- > John Hasler > [email protected] > Elmwood, WI USA > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact [email protected] > Archive: https://lists.debian.org/[email protected] > >
