We plan on releasing updates for this issue early next week.
** Also affects: bash (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: bash (Ubuntu Utopic)
Importance: Medium
Status: New
** Also affects: bash (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: bash (Ubuntu Precise)
Importance: Undecided
Status: New
** Changed in: bash (Ubuntu Lucid)
Status: New => Confirmed
** Changed in: bash (Ubuntu Precise)
Status: New => Confirmed
** Changed in: bash (Ubuntu Utopic)
Status: New => Confirmed
** Changed in: bash (Ubuntu Trusty)
Status: New => Confirmed
** Changed in: bash (Ubuntu Lucid)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: bash (Ubuntu Trusty)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: bash (Ubuntu Utopic)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: bash (Ubuntu Precise)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: bash (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: bash (Ubuntu Utopic)
Status: Confirmed => Fix Committed
** Changed in: bash (Ubuntu Trusty)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1374375
Title:
CVE-2014-7186: bash crashed with SIGSEGV in list_reverse()
Status in “bash” package in Ubuntu:
Fix Committed
Status in “bash” source package in Lucid:
Confirmed
Status in “bash” source package in Precise:
Confirmed
Status in “bash” source package in Trusty:
Confirmed
Status in “bash” source package in Utopic:
Fix Committed
Bug description:
Reproduced with
bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF
<<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF'
http://seclists.org/oss-sec/2014/q3/712
ProblemType: Crash
DistroRelease: Ubuntu 14.10
Package: bash 4.3-9ubuntu2
ProcVersionSignature: Ubuntu 3.16.0-17.23-generic 3.16.3
Uname: Linux 3.16.0-17-generic x86_64
NonfreeKernelModules: openafs
ApportVersion: 2.14.7-0ubuntu2
Architecture: amd64
CurrentDesktop: GNOME
Date: Fri Sep 26 05:42:50 2014
EcryptfsInUse: Yes
ExecutablePath: /bin/bash
InstallationDate: Installed on 2014-08-22 (35 days ago)
InstallationMedia: Ubuntu-GNOME 14.10 "Utopic Unicorn" - Alpha amd64
(20140730)
ProcCmdline: bash -c true\ <<EOF\ <<EOF\ <<EOF\ <<EOF\ <<EOF\ <<EOF\ <<EOF\
<<EOF\ <<EOF\ <<EOF\ <<EOF\ <<EOF\ <<EOF\ <<EOF\ <<EOF\ <<EOF\ <<EOF\ <<EOF
SegvAnalysis:
Segfault happened at: 0x46cfc3 <list_reverse+19>: mov (%rax),%rdx
PC (0x0046cfc3) ok
source "(%rax)" (0x3c3c20464f453c3c) not located in a known VMA region
(needed readable region)!
destination "%rdx" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: bash
StacktraceTop:
list_reverse ()
clean_simple_command ()
yyparse ()
parse_command ()
parse_and_execute ()
Title: bash crashed with SIGSEGV in list_reverse()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm bumblebee cdrom dip libvirtd lpadmin plugdev sambashare sudo
wireshark
modified.conffile..etc.bash.bashrc: [modified]
mtime.conffile..etc.bash.bashrc: 2014-03-27T19:05:55
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1374375/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
