stable

bash-4.3.22-3.fc21

FEDORA-2014-11295 created by ooprala 9 years ago for Fedora 21

Disclosure - http://www.openwall.com/lists/oss-security/2014/09/24/10

Behaviour prior to patch:

$ env x='() { :;}; echo OOPS' bash -c /usr/sbin/nologin
OOPS
This account is currently not available.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2014-11295

This update has been submitted for testing by ooprala. This critical path update has not yet been approved for pushing to the stable repository. It must first reach a karma of 2, consisting of 0 positive karma from proventesters, along with 2 additional karma from the community. Or, it must spend 14 days in testing without any negative feedback.

9 years ago
jsmith commented & provided feedback 9 years ago

Tested on my primary machine, patch seems to be working fine. Testing reveals no issues.

Critical path update approved

9 years ago

AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/1habl (results are informative only)

AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/1habq (results are informative only)

mattdm commented & provided feedback 9 years ago

Tested on Fedora 21 cloud image. Works for me, and behavior test now gives an error instead of outputting "OOPS"

sgallagh commented & provided feedback 9 years ago

I tested on Fedora 21 Workstation. Test now gives the error:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
This account is currently not available.

This update has reached the stable karma threshold and will be pushed to the stable updates repository

9 years ago

AutoQA: upgradepath test PASSED on noarch. Result log: http://autoqa.fedoraproject.org/report/1hafi (results are informative only)

This update has been submitted for testing by ausil.

9 years ago

pushing to testing to get into users' hands faster

AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/1hahj (results are informative only)

AutoQA: upgradepath test PASSED on noarch. Result log: http://autoqa.fedoraproject.org/report/1haho (results are informative only)

AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/1hahs (results are informative only)

spstarr commented & provided feedback 9 years ago

The code fragment gives me the expected error.

This update is currently being pushed to the Fedora 21 testing updates repository.

9 years ago

This update has been pushed to testing

9 years ago
mstevens commented & provided feedback 9 years ago

works fine

nonamedotc commented & provided feedback 9 years ago

looks good to me

This update has reached the stable karma threshold and will be pushed to the stable updates repository

9 years ago
pnemade commented & provided feedback 9 years ago

I see this is fixed. After updating I see an error instead of OOPS.

smittix commented & provided feedback 9 years ago

Working fine here.

AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/1hbb4 (results are informative only)

AutoQA: upgradepath test PASSED on noarch. Result log: http://autoqa.fedoraproject.org/report/1hbb5 (results are informative only)

AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/1hbbb (results are informative only)

jsmith commented & provided feedback 9 years ago

The fix in this package is incomplete, and so CVE 2014-7169 has been opened to make sure the fix is fully complete.

smittix commented & provided feedback 9 years ago

incomplete fix for CVE-2014-6271 - New CVE opened CVE-2014-7169

pingou commented & provided feedback 9 years ago

WFM

This update is currently being pushed to the Fedora 21 stable updates repository.

9 years ago

This update has been pushed to stable

9 years ago


Metadata

Type: security
Karma: 5
Signed
Content Type: RPM
Test Gating

Settings

Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled

Dates

submitted: 9 years ago
in testing: 9 years ago
in stable: 9 years ago
modified: 9 years ago

BZ#1141597 CVE-2014-6271 bash: specially-crafted environment variables can be used to inject shell commands