bash
Page content
- Author: kikadf
- Vulnerable: 4.2_045-5arcturus1
- Unaffected: 4.2_045-5arcturus2
Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment (CVE-2014-7169). With this update prefix and suffix for environment variable names which contain shell functions are added as hardening measure.