** Information type changed from Private Security to Public Security ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-6271
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1373688 Title: Bash Code Injection Vulnerability via Specially Crafted Environment Variables Status in “bash” package in Ubuntu: Fix Released Bug description: Identified in RedHat and Debian https://www.debian.org/security/2014/dsa-3032 From the RedHat advisory - https://access.redhat.com/articles/1200223 "Diagnostic Steps To test if your version of Bash is vulnerable to this issue, run the following command: $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" If the output of the above command looks as follows: vulnerable this is a test" Confirmed on Ubuntu 14.04 LTS using Bash 4.3-7ubuntu1.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373688/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
