bash

Page content
  • Author: kikadf
  • Vulnerable: 4.2_045-5arcturus1
  • Unaffected: 4.2_045-5arcturus2

Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment (CVE-2014-7169). With this update prefix and suffix for environment variable names which contain shell functions are added as hardening measure.

CVEs: