Upstream information

CVE-2014-6271 at MITRE

Description

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

SUSE information

CVSS v2 Scores (National Vulnerability Database)

Base Score: 10.00
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

Note from the SUSE Security Team

Please also check out a SUSE overview page: Shellshock Information by SUSE.

SUSE Bugzilla entries: 896776 [NEW], 898346, 898604 [RESOLVED / ], 898664, 898762, 898812 [RESOLVED], 898884 [RESOLVED], 900057 [RESOLVED], 900127 [RESOLVED], 900454 [RESOLVED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP3
  • bash >= 3.2-147.20.1
  • bash-doc >= 3.2-147.20.1
  • libreadline5 >= 5.2-147.20.1
  • libreadline5-32bit >= 5.2-147.20.1
  • readline-doc >= 5.2-147.20.1
Patchnames:
sledsp3-bash
SUSE Linux Enterprise Server 11 SP1-LTSS
  • bash >= 3.2-147.14.20.1
  • bash-doc >= 3.2-147.14.20.1
  • libreadline5 >= 5.2-147.14.20.1
  • libreadline5-32bit >= 5.2-147.14.20.1
  • readline-doc >= 5.2-147.14.20.1
Patchnames:
slessp1-bash
SUSE Linux Enterprise Server 11 SP2-LTSS
  • bash >= 3.2-147.14.20.1
  • bash-doc >= 3.2-147.14.20.1
  • libreadline5 >= 5.2-147.14.20.1
  • libreadline5-32bit >= 5.2-147.14.20.1
  • readline-doc >= 5.2-147.14.20.1
Patchnames:
slessp2-bash
SUSE Linux Enterprise Server 11 SP3
  • bash >= 3.2-147.20.1
  • bash-doc >= 3.2-147.20.1
  • bash-x86 >= 3.2-147.22.1
  • libreadline5 >= 5.2-147.20.1
  • libreadline5-32bit >= 5.2-147.20.1
  • libreadline5-x86 >= 5.2-147.22.1
  • readline-doc >= 5.2-147.20.1
Patchnames:
slessp3-bash
SUSE Linux Enterprise Server for VMWare 11 SP3
  • bash >= 3.2-147.20.1
  • bash-doc >= 3.2-147.20.1
  • bash-x86 >= 3.2-147.22.1
  • libreadline5 >= 5.2-147.20.1
  • libreadline5-32bit >= 5.2-147.20.1
  • libreadline5-x86 >= 5.2-147.22.1
  • readline-doc >= 5.2-147.20.1
Patchnames:
slessp3-bash
SUSE Linux Enterprise Software Development Kit 11 SP3
  • libreadline5 >= 5.2-147.20.1
  • readline-devel >= 5.2-147.20.1
  • readline-devel-32bit >= 5.2-147.20.1
Patchnames:
sdksp3-bash
SUSE Manager 1.7
  • bash >= 3.2-147.14.20.1
  • bash-doc >= 3.2-147.14.20.1
  • libreadline5 >= 5.2-147.14.20.1
  • libreadline5-32bit >= 5.2-147.14.20.1
  • readline-doc >= 5.2-147.14.20.1
Patchnames:
sleman17sp2-bash
SUSE Studio Onsite 1.3
  • Containment-Studio-SLE11_SP1 >= 4.85.108-20141006120850
  • Containment-Studio-SLE11_SP3 >= 5.04.108-20141006122525
Patchnames:
slestso13-Containment-201410
SUSE Linux Enterprise Software Development Kit 11 SP3
  • libreadline5 >= 5.2-147.22.1
  • readline-devel >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Software Development Kit 11 SP3
  • readline-devel >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Software Development Kit 11 SP3
  • readline-devel >= 5.2-147.22.1
  • readline-devel-32bit >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Software Development Kit 11 SP3
  • libreadline5 >= 5.2-147.22.1
  • readline-devel >= 5.2-147.22.1
  • readline-devel-32bit >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • bash >= 3.2-147.22.1
  • bash-doc >= 3.2-147.22.1
  • libreadline5 >= 5.2-147.22.1
  • readline-doc >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • bash >= 3.2-147.22.1
  • bash-doc >= 3.2-147.22.1
  • libreadline5 >= 5.2-147.22.1
  • libreadline5-32bit >= 5.2-147.22.1
  • readline-doc >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Server 11 SP3
  • bash >= 3.2-147.22.1
  • bash-doc >= 3.2-147.22.1
  • bash-x86 >= 3.2-147.22.1
  • libreadline5 >= 5.2-147.22.1
  • libreadline5-x86 >= 5.2-147.22.1
  • readline-doc >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Server 11 SP2 LTSS
  • bash >= 3.2-147.14.20.1
  • bash-doc >= 3.2-147.14.20.1
  • libreadline5 >= 5.2-147.14.20.1
  • readline-doc >= 5.2-147.14.20.1
Builds
SAT Patch Nr: 9736
SUSE Linux Enterprise Server 11 SP2 LTSS
  • bash >= 3.2-147.14.20.1
  • bash-doc >= 3.2-147.14.20.1
  • libreadline5 >= 5.2-147.14.20.1
  • libreadline5-32bit >= 5.2-147.14.20.1
  • readline-doc >= 5.2-147.14.20.1
Builds
SAT Patch Nr: 9736
SUSE Linux Enterprise Server 10 SP4 LTSS for x86
  • bash >= 3.1-24.34.1
  • readline >= 5.1-24.34.1
  • readline-devel >= 5.1-24.34.1
Builds
ZYPP Patch Nr: 8961
SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit
  • bash >= 3.1-24.34.1
  • readline >= 5.1-24.34.1
  • readline-32bit >= 5.1-24.34.1
  • readline-devel >= 5.1-24.34.1
  • readline-devel-32bit >= 5.1-24.34.1
Builds
ZYPP Patch Nr: 8961
SUSE Studio Onsite 1.3
  • Containment-Studio-SLE11_SP1 >= 4.85.108-20141006120850
  • Containment-Studio-SLE11_SP3 >= 5.04.108-20141006122525
Builds
SAT Patch Nr: 9833
SUSE Linux Enterprise Server 11 SP1 LTSS
  • bash >= 3.2-147.14.20.1
  • bash-doc >= 3.2-147.14.20.1
  • libreadline5 >= 5.2-147.14.20.1
  • readline-doc >= 5.2-147.14.20.1
Builds
SAT Patch Nr: 9738
SUSE Linux Enterprise Server 11 SP1 LTSS
  • bash >= 3.2-147.14.20.1
  • bash-doc >= 3.2-147.14.20.1
  • libreadline5 >= 5.2-147.14.20.1
  • libreadline5-32bit >= 5.2-147.14.20.1
  • readline-doc >= 5.2-147.14.20.1
Builds
SAT Patch Nr: 9738
SUSE Linux Enterprise Server 10 SP4 LTSS for x86
  • bash >= 3.1-24.32.1
  • readline >= 5.1-24.32.1
  • readline-devel >= 5.1-24.32.1
Builds
ZYPP Patch Nr: 8950
SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit
  • bash >= 3.1-24.32.1
  • readline >= 5.1-24.32.1
  • readline-32bit >= 5.1-24.32.1
  • readline-devel >= 5.1-24.32.1
  • readline-devel-32bit >= 5.1-24.32.1
Builds
ZYPP Patch Nr: 8950
SUSE Manager 1.7 for SLE 11 SP2
  • bash >= 3.2-147.14.20.1
  • bash-doc >= 3.2-147.14.20.1
  • libreadline5 >= 5.2-147.14.20.1
  • libreadline5-32bit >= 5.2-147.14.20.1
  • readline-doc >= 5.2-147.14.20.1
Builds
SAT Patch Nr: 9764
SUSE Linux Enterprise Server 11 SP2 LTSS
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Builds
SAT Patch Nr: 9781
SUSE Linux Enterprise Server 11 SP2 LTSS
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • libreadline5-32bit >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Builds
SAT Patch Nr: 9781
SUSE Manager 1.7 for SLE 11 SP2
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • libreadline5-32bit >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Builds
SAT Patch Nr: 9779
SUSE Linux Enterprise Server 10 SP3 LTSS for x86
  • bash >= 3.1-24.34.1
  • readline >= 5.1-24.34.1
  • readline-devel >= 5.1-24.34.1
Builds
ZYPP Patch Nr: 8960
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit
  • bash >= 3.1-24.34.1
  • readline >= 5.1-24.34.1
  • readline-32bit >= 5.1-24.34.1
  • readline-devel >= 5.1-24.34.1
  • readline-devel-32bit >= 5.1-24.34.1
Builds
ZYPP Patch Nr: 8960
SUSE Linux Enterprise Software Development Kit 11 SP3
  • libreadline5 >= 5.2-147.20.1
  • readline-devel >= 5.2-147.20.1
Builds
SAT Patch Nr: 9740
SUSE Linux Enterprise Software Development Kit 11 SP3
  • readline-devel >= 5.2-147.20.1
Builds
SAT Patch Nr: 9740
SUSE Linux Enterprise Software Development Kit 11 SP3
  • readline-devel >= 5.2-147.20.1
  • readline-devel-32bit >= 5.2-147.20.1
Builds
SAT Patch Nr: 9740
SUSE Linux Enterprise Software Development Kit 11 SP3
  • libreadline5 >= 5.2-147.20.1
  • readline-devel >= 5.2-147.20.1
  • readline-devel-32bit >= 5.2-147.20.1
Builds
SAT Patch Nr: 9740
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • bash >= 3.2-147.20.1
  • bash-doc >= 3.2-147.20.1
  • libreadline5 >= 5.2-147.20.1
  • readline-doc >= 5.2-147.20.1
Builds
SAT Patch Nr: 9740
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • bash >= 3.2-147.20.1
  • bash-doc >= 3.2-147.20.1
  • libreadline5 >= 5.2-147.20.1
  • libreadline5-32bit >= 5.2-147.20.1
  • readline-doc >= 5.2-147.20.1
Builds
SAT Patch Nr: 9740
SUSE Linux Enterprise Server 11 SP3
  • bash >= 3.2-147.20.1
  • bash-doc >= 3.2-147.20.1
  • bash-x86 >= 3.2-147.20.1
  • libreadline5 >= 5.2-147.20.1
  • libreadline5-x86 >= 5.2-147.20.1
  • readline-doc >= 5.2-147.20.1
Builds
SAT Patch Nr: 9740
SUSE Linux Enterprise Server 11 SP1 LTSS
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Builds
SAT Patch Nr: 9782
SUSE Linux Enterprise Server 11 SP1 LTSS
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • libreadline5-32bit >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Builds
SAT Patch Nr: 9782
SUSE Linux Enterprise Server 10 SP3 LTSS for x86
  • bash >= 3.1-24.32.1
  • readline >= 5.1-24.32.1
  • readline-devel >= 5.1-24.32.1
Builds
ZYPP Patch Nr: 8951
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit
  • bash >= 3.1-24.32.1
  • readline >= 5.1-24.32.1
  • readline-32bit >= 5.1-24.32.1
  • readline-devel >= 5.1-24.32.1
  • readline-devel-32bit >= 5.1-24.32.1
Builds
ZYPP Patch Nr: 8951
openSUSE 12.3
  • bash >= 4.2-61.19.1
  • bash-debuginfo >= 4.2-61.19.1
  • bash-debuginfo-32bit >= 4.2-61.19.1
  • bash-debugsource >= 4.2-61.19.1
  • bash-devel >= 4.2-61.19.1
  • bash-doc >= 4.2-61.19.1
  • bash-lang >= 4.2-61.19.1
  • bash-loadables >= 4.2-61.19.1
  • bash-loadables-debuginfo >= 4.2-61.19.1
  • libreadline6 >= 6.2-61.19.1
  • libreadline6-32bit >= 6.2-61.19.1
  • libreadline6-debuginfo >= 6.2-61.19.1
  • libreadline6-debuginfo-32bit >= 6.2-61.19.1
  • readline-devel >= 6.2-61.19.1
  • readline-devel-32bit >= 6.2-61.19.1
  • readline-doc >= 6.2-61.19.1
Patchnames:
openSUSE-2014-559
openSUSE-2014-594
openSUSE 13.1
  • bash >= 4.2-68.12.1
  • bash-debuginfo >= 4.2-68.12.1
  • bash-debuginfo-32bit >= 4.2-68.12.1
  • bash-debugsource >= 4.2-68.12.1
  • bash-devel >= 4.2-68.12.1
  • bash-doc >= 4.2-68.12.1
  • bash-lang >= 4.2-68.12.1
  • bash-loadables >= 4.2-68.12.1
  • bash-loadables-debuginfo >= 4.2-68.12.1
  • libreadline6 >= 6.2-68.12.1
  • libreadline6-32bit >= 6.2-68.12.1
  • libreadline6-debuginfo >= 6.2-68.12.1
  • libreadline6-debuginfo-32bit >= 6.2-68.12.1
  • readline-devel >= 6.2-68.12.1
  • readline-devel-32bit >= 6.2-68.12.1
  • readline-doc >= 6.2-68.12.1
Patchnames:
openSUSE-2014-559
openSUSE-2014-595
openSUSE Evergreen 11.4
  • bash >= 4.1-20.31.1
  • bash-debuginfo >= 4.1-20.31.1
  • bash-debuginfo-32bit >= 4.1-20.31.1
  • bash-debuginfo-x86 >= 4.1-20.31.1
  • bash-debugsource >= 4.1-20.31.1
  • bash-devel >= 4.1-18.31.1
  • bash-doc >= 4.1-18.31.1
  • bash-lang >= 4.1-20.31.1
  • bash-loadables >= 4.1-18.31.1
  • bash-loadables-debuginfo >= 4.1-18.31.1
  • bash-x86 >= 4.1-20.31.1
  • libreadline6 >= 6.1-18.31.1
  • libreadline6-32bit >= 6.1-18.31.1
  • libreadline6-debuginfo >= 6.1-18.31.1
  • libreadline6-debuginfo-32bit >= 6.1-18.31.1
  • libreadline6-debuginfo-x86 >= 6.1-18.31.1
  • libreadline6-x86 >= 6.1-18.31.1
  • readline-devel >= 6.1-18.31.1
  • readline-devel-32bit >= 6.1-18.31.1
  • readline-doc >= 6.1-18.31.1
Patchnames:
2014-86