*** This bug is a duplicate of bug 1373781 ***
https://bugs.launchpad.net/bugs/1373781
** This bug has been marked a duplicate of bug 1373781
bash incomplete fix for CVE-2014-6271
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-6271
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1373688
Title:
Bash Code Injection Vulnerability via Specially Crafted Environment
Variables
Status in “bash” package in Ubuntu:
Fix Released
Bug description:
Identified in RedHat and Debian
https://www.debian.org/security/2014/dsa-3032
From the RedHat advisory - https://access.redhat.com/articles/1200223
"Diagnostic Steps
To test if your version of Bash is vulnerable to this issue, run the
following command:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the output of the above command looks as follows:
vulnerable
this is a test"
Confirmed on Ubuntu 14.04 LTS using Bash 4.3-7ubuntu1.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373688/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
