oval:org.mitre.oval:def:26631
| Definition Id: oval:org.mitre.oval:def:26631 | |||
| Oval ID: | oval:org.mitre.oval:def:26631 | ||
| Title: | SUSE-SU-2014:1247-1 -- Security update for bash | ||
| Description: | The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances (CVE-2014-7169). Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 and is less serious due to the special, non-default system configuration that is needed to create an exploitable situation. To remove further exploitation potential we now limit the function-in-environment variable to variables prefixed with BASH_FUNC_. This hardening feature is work in progress and might be improved in later updates. Additionally, two other security issues have been fixed: * CVE-2014-7186: Nested HERE documents could lead to a crash of bash. * CVE-2014-7187: Nesting of for loops could lead to a crash of bash. Security Issues: * CVE-2014-7169 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169> * CVE-2014-7186 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186> * CVE-2014-7187 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187> | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:1247-1 CVE-2014-7169 CVE-2014-6271 CVE-2014-7186 CVE-2014-7187 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 SUSE Linux Enterprise Desktop 11 | Product(s): | bash |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17270 | |||
| Oval ID: | oval:org.mitre.oval:def:17270 | ||
| Title: | SUSE Linux Enterprise Server 11.x is installed | ||
| Description: | SUSE Linux Enterprise Server 11.x is installed. | ||
| Family: | unix | Class: | inventory |
| Reference(s): | cpe:/o:novell:suse_linux:11::server | Version: | 5 |
| Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | |
| Definition Synopsis: | |||
| Referenced By: | |||
| oval:org.mitre.oval:def:26631 oval:org.mitre.oval:def:26631 | |||
| Definition Id: oval:org.mitre.oval:def:25140 | |||
| Oval ID: | oval:org.mitre.oval:def:25140 | ||
| Title: | SUSE Linux Enterprise Desktop 11.x is installed | ||
| Description: | SUSE Linux Enterprise Desktop 11.x is installed. | ||
| Family: | unix | Class: | inventory |
| Reference(s): | cpe:/o:suse:suse_linux:11::desktop | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | |
| Definition Synopsis: | |||
| Referenced By: | |||
| oval:org.mitre.oval:def:26631 | |||
| Definition Id: oval:org.mitre.oval:def:1368 | |||
| Oval ID: | oval:org.mitre.oval:def:1368 | ||
| Title: | SUSE Linux Enterprise Server 10 is installed | ||
| Description: | SUSE Linux Enterprise Server 10 is installed. | ||
| Family: | unix | Class: | inventory |
| Reference(s): | cpe:/o:novell:suse_linux:10::server | Version: | 6 |
| Platform(s): | SUSE Linux Enterprise Server 10 | Product(s): | |
| Definition Synopsis: | |||
| Referenced By: | |||
| oval:org.mitre.oval:def:26631 | |||
