Hi, Red Hat released new packages at https://rhn.redhat.com/errata/RHSA-2014-1306.html, that include fix for CVE-2014-7169, and they fixed with another way, and another problems (OOB memory access).
We can investigate from RH SRPM, http://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bash-4.1.2-15.el6_5.2.src.rpm IMHO, Red Hat fix included 3 patches. - bash-4.2-cve-2014-7169-0.patch : parser bug fix-A for CVE-2014-7169 (same as http://seclists.org/oss-sec/2014/q3/685 ) - bash-4.2-cve-2014-7169-1.patch : introduce variable isolation in function import situation. another fix for CVE-2014-7169. this is new patch. - bash-4.2-cve-2014-7169-2.patch : OOB memory access(new problem) fix. They probosed these new patches at http://www.openwall.com/lists/oss- security/2014/09/25/32 . I make a proposition about that, could we apply these new patches? or they are not important? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1373781 Title: bash incomplete fix for CVE-2014-6271 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
