FEDORA-2014-11295 created by ooprala 6 years ago for Fedora 21
stable

Disclosure - http://www.openwall.com/lists/oss-security/2014/09/24/10

Behaviour prior to patch:

$ env x='() { :;}; echo OOPS' bash -c /usr/sbin/nologin
OOPS
This account is currently not available.

How to install

sudo dnf upgrade --advisory=FEDORA-2014-11295
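
To confirm the result after upgrading, the behaviour test above can be wrapped in a small check that classifies a bash binary by what it prints. This is an added example, not part of the advisory; the marker string, the function names and the use of `:` in place of /usr/sbin/nologin are assumptions made for the sketch.

```sh
#!/bin/sh
# Added example: classify a bash binary using the behaviour test from this
# advisory. MARKER, classify_output and check_bash are names made up here.
MARKER="CANARY_FEDORA_2014_11295_$$"   # constructed harmless marker string

# classify_output STDOUT STDERR
#   vulnerable : marker was echoed, so code after the function body ran
#   rejected   : bash printed the import warning/error and ran nothing
#   ignored    : no marker and no warning; x was treated as a plain string
classify_output() {
    case "$1" in
        *"$MARKER"*) echo vulnerable; return 0 ;;
    esac
    case "$2" in
        *"ignoring function definition"*|*"error importing function"*) echo rejected ;;
        *) echo ignored ;;
    esac
}

# check_bash [PATH_TO_BASH]
# Runs the test once with stdout and stderr captured separately.
check_bash() {
    bash_bin=${1:-/bin/bash}
    [ -x "$bash_bin" ] || { echo not-found; return 2; }
    err_file=$(mktemp) || return 2
    # Same shape as the advisory's test; ':' (a no-op) replaces
    # /usr/sbin/nologin so the check does not depend on that file.
    out=$(env x="() { :;}; echo $MARKER" "$bash_bin" -c : 2>"$err_file")
    err=$(cat "$err_file")
    rm -f "$err_file"
    classify_output "$out" "$err"
}
```

Call `check_bash /bin/bash` after the upgrade; `rejected` corresponds to the warning and error lines reported in the comments on this update.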

This update has been submitted for testing by ooprala. This critical path update has not yet been approved for pushing to the stable repository. It must first reach a karma of 2, consisting of 0 positive karma from proventesters, along with 2 additional karma from the community. Or, it must spend 14 days in testing without any negative feedback.

6 years ago
jsmith commented & provided feedback 6 years ago

Tested on my primary machine, patch seems to be working fine. Testing reveals no issues.

Critical path update approved

6 years ago

AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/1habl (results are informative only)

AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/1habq (results are informative only)

mattdm commented & provided feedback 6 years ago

Tested on Fedora 21 cloud image. Works for me, and behavior test now gives an error instead of outputting "OOPS"

sgallagh commented & provided feedback 6 years ago

I tested on Fedora 21 Workstation. Test now gives the error:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
This account is currently not available.

This update has reached the stable karma threshold and will be pushed to the stable updates repository

6 years ago

AutoQA: upgradepath test PASSED on noarch. Result log: http://autoqa.fedoraproject.org/report/1hafi (results are informative only)

This update has been submitted for testing by ausil.

6 years ago

pushing to testing to get into users' hands faster

AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/1hahj (results are informative only)

AutoQA: upgradepath test PASSED on noarch. Result log: http://autoqa.fedoraproject.org/report/1haho (results are informative only)

AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/1hahs (results are informative only)

spstarr commented & provided feedback 6 years ago

The code fragment gives me the expected error.

This update is currently being pushed to the Fedora 21 testing updates repository.

6 years ago

This update has been pushed to testing

6 years ago
mstevens commented & provided feedback 6 years ago

works fine

nonamedotc commented & provided feedback 6 years ago

looks good to me

This update has reached the stable karma threshold and will be pushed to the stable updates repository

6 years ago
pnemade commented & provided feedback 6 years ago

I see this is fixed. After updating, I see an error instead of OOPS.

smittix commented & provided feedback 6 years ago

Working fine here.

AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/1hbb4 (results are informative only)

AutoQA: upgradepath test PASSED on noarch. Result log: http://autoqa.fedoraproject.org/report/1hbb5 (results are informative only)

AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/1hbbb (results are informative only)

jsmith commented & provided feedback 6 years ago

The fix in this package is incomplete, and so CVE 2014-7169 has been opened to make sure the fix is fully complete.

smittix commented & provided feedback 6 years ago

incomplete fix for CVE-2014-6271 - New CVE opened CVE-2014-7169

pingou commented & provided feedback 6 years ago

WFM

This update is currently being pushed to the Fedora 21 stable updates repository.

6 years ago

This update has been pushed to stable

6 years ago


Metadata
Type: security
Karma: 5
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled

Dates
submitted: 6 years ago
in testing: 6 years ago
in stable: 6 years ago
modified: 6 years ago

BZ#1141597 CVE-2014-6271 bash: specially-crafted environment variables can be used to inject shell commands