openSUSE Security Update : bash (openSUSE-SU-2014:1226-1) (Shellshock)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

bash was updated to fix a critical security issue, a minor security
issue and bugs :

In some circumstances, the shell would evaluate shellcode in
environment variables passed at startup time. This allowed code
execution by local or remote attackers who could pass environment
variables to bash scripts. (CVE-2014-6271)

Fixed a temporary file misuse in _rl_tropen (bnc#868822). Even though
this function is used only by developers to debug the readline library,
it must not open temporary files in a public location without O_EXCL.
(CVE-2014-2524)
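
The O_EXCL point above, as an added example that is not code from readline, bash or the openSUSE update: a trace file opened with and without O_EXCL when its name already exists as a symlink. The function names and the scratch paths are constructed for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* mkdtemp(), symlink() */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: reuses whatever already sits at `path`, symlinks included. */
static int open_trace_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL makes open() fail with EEXIST if the name exists,
   even when it is a symlink, so a pre-planted link is never followed. */
static int open_trace_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

static long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Constructed scenario in a private scratch directory: the trace name is
   already a symlink to another file. Returns 1 when the exclusive open is
   refused and leaves the target intact, while the weak open truncates it. */
int excl_protects_target(void) {
    char dir[] = "/tmp/excl-demo-XXXXXX", target[64], trace[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/important", dir);
    snprintf(trace, sizeof trace, "%s/trace.log", dir);
    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("keep me\n", f);                 /* 8 bytes */
    fclose(f);
    if (symlink(target, trace) != 0) return -1;

    errno = 0;
    int refused = open_trace_excl(trace) == -1 && errno == EEXIST;
    long after_excl = file_size(target);
    int fd = open_trace_weak(trace);       /* follows the link */
    if (fd >= 0) close(fd);
    long after_weak = file_size(target);
    unlink(trace); unlink(target); rmdir(dir);
    return refused && after_excl == 8 && after_weak == 0;
}
```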

Additional bugfixes :

- Backported corrected German error message for a failing
getpwd (bnc#895475)

- Add bash upstream patch 47 to fix a problem where the
function that shortens pathnames for $PS1 according to
the value of $PROMPT_DIRTRIM uses memcpy on
potentially-overlapping regions of memory, when it
should use memmove. The result is garbled pathnames in
prompt strings.

- Add bash upstream patch 46 to fix a problem introduced
by patch 32: '$@' and arrays expanding empty positional
parameters or array elements when using substring
expansion, pattern substitution, or case modification.
The empty parameters or array elements are removed
instead of expanding to empty strings ('').

- Add bash-4.2-strcpy.patch from the upstream mailing list
to the patch collection tarball to avoid a strcpy working
on overlapping memory areas when using \w in the prompt
and changing to a directory outside of HOME.

See also :

http://lists.opensuse.org/opensuse-updates/2014-09/msg00036.html
https://bugzilla.novell.com/show_bug.cgi?id=868822
https://bugzilla.novell.com/show_bug.cgi?id=895475
https://bugzilla.novell.com/show_bug.cgi?id=896776

Solution :

Update the affected bash packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 77846

CVE ID: CVE-2014-2524
CVE-2014-6271