SuSE 11.3 Security Update : bash (SAT Patch Number 9780)
Critical Nessus Plugin ID 77958
The remote SuSE 11 host is missing one or more security updates.
The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances. (CVE-2014-7169) Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 and is less serious due to the special, non-default system configuration that is needed to create an exploitable situation. To remove further exploitation potential we now limit the function-in-environment variable to variables prefixed with BASH_FUNC_. This hardening feature is work in progress and might be improved in later updates. Additionally, two other security issues have been fixed : - Nested HERE documents could lead to a crash of bash. (CVE-2014-7186) - Nesting of for loops could lead to a crash of bash. (CVE-2014-7187)