Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201409-09 (Bash: Code Injection)
Stephane Chazelas reported that Bash incorrectly handles function definitions, allowing attackers to inject arbitrary code.
Impact :
A remote attacker could exploit this vulnerability to execute arbitrary commands even in restricted environments.
Workaround :
There is no known workaround at this time.
Solution
All Bash 3.1 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-shells/bash-3.1_p18:3.1' All Bash 3.2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-shells/bash-3.2_p52:3.2' All Bash 4.0 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-shells/bash-4.0_p39:4.0' All Bash 4.1 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-shells/bash-4.1_p12:4.1' All Bash 4.2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-shells/bash-4.2_p48'