Upstream information

CVE-2014-7169 at MITRE

Description

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 10.00
Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entries: 896776 [NEW], 898346, 898664, 898762, 898812 [RESOLVED], 898884 [RESOLVED], 899266, 900057 [RESOLVED], 900127 [RESOLVED], 900454 [RESOLVED], 902237, 926146 [RESOLVED / ]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP3
  • bash >= 3.2-147.22.1
  • bash-doc >= 3.2-147.22.1
  • libreadline5 >= 5.2-147.22.1
  • libreadline5-32bit >= 5.2-147.22.1
  • readline-doc >= 5.2-147.22.1
Patchnames:
sledsp3-bash
SUSE Linux Enterprise Server 11 SP1-LTSS
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • libreadline5-32bit >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Patchnames:
slessp1-bash
SUSE Linux Enterprise Server 11 SP2-LTSS
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • libreadline5-32bit >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Patchnames:
slessp2-bash
SUSE Linux Enterprise Server 11 SP3
  • bash >= 3.2-147.22.1
  • bash-doc >= 3.2-147.22.1
  • bash-x86 >= 3.2-147.22.1
  • libreadline5 >= 5.2-147.22.1
  • libreadline5-32bit >= 5.2-147.22.1
  • libreadline5-x86 >= 5.2-147.22.1
  • readline-doc >= 5.2-147.22.1
Patchnames:
slessp3-bash
SUSE Linux Enterprise Server for VMWare 11 SP3
  • bash >= 3.2-147.22.1
  • bash-doc >= 3.2-147.22.1
  • bash-x86 >= 3.2-147.22.1
  • libreadline5 >= 5.2-147.22.1
  • libreadline5-32bit >= 5.2-147.22.1
  • libreadline5-x86 >= 5.2-147.22.1
  • readline-doc >= 5.2-147.22.1
Patchnames:
slessp3-bash
SUSE Linux Enterprise Software Development Kit 11 SP3
  • libreadline5 >= 5.2-147.22.1
  • readline-devel >= 5.2-147.22.1
  • readline-devel-32bit >= 5.2-147.22.1
Patchnames:
sdksp3-bash
SUSE Manager 1.7
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • libreadline5-32bit >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Patchnames:
sleman17sp2-bash
SUSE Studio Onsite 1.3
  • Containment-Studio-SLE11_SP1 >= 4.85.108-20141006120850
  • Containment-Studio-SLE11_SP3 >= 5.04.108-20141006122525
Patchnames:
slestso13-Containment-201410
SUSE Linux Enterprise Software Development Kit 11 SP3
  • libreadline5 >= 5.2-147.22.1
  • readline-devel >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Software Development Kit 11 SP3
  • readline-devel >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Software Development Kit 11 SP3
  • readline-devel >= 5.2-147.22.1
  • readline-devel-32bit >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Software Development Kit 11 SP3
  • libreadline5 >= 5.2-147.22.1
  • readline-devel >= 5.2-147.22.1
  • readline-devel-32bit >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • bash >= 3.2-147.22.1
  • bash-doc >= 3.2-147.22.1
  • libreadline5 >= 5.2-147.22.1
  • readline-doc >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • bash >= 3.2-147.22.1
  • bash-doc >= 3.2-147.22.1
  • libreadline5 >= 5.2-147.22.1
  • libreadline5-32bit >= 5.2-147.22.1
  • readline-doc >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Server 11 SP3
  • bash >= 3.2-147.22.1
  • bash-doc >= 3.2-147.22.1
  • bash-x86 >= 3.2-147.22.1
  • libreadline5 >= 5.2-147.22.1
  • libreadline5-x86 >= 5.2-147.22.1
  • readline-doc >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Server 10 SP4 LTSS for x86
  • bash >= 3.1-24.34.1
  • readline >= 5.1-24.34.1
  • readline-devel >= 5.1-24.34.1
Builds
ZYPP Patch Nr: 8961
SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit
  • bash >= 3.1-24.34.1
  • readline >= 5.1-24.34.1
  • readline-32bit >= 5.1-24.34.1
  • readline-devel >= 5.1-24.34.1
  • readline-devel-32bit >= 5.1-24.34.1
Builds
ZYPP Patch Nr: 8961
SUSE Studio Onsite 1.3
  • Containment-Studio-SLE11_SP1 >= 4.85.108-20141006120850
  • Containment-Studio-SLE11_SP3 >= 5.04.108-20141006122525
Builds
SAT Patch Nr: 9833
SUSE Linux Enterprise Server 11 SP2 LTSS
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Builds
SAT Patch Nr: 9781
SUSE Linux Enterprise Server 11 SP2 LTSS
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • libreadline5-32bit >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Builds
SAT Patch Nr: 9781
SUSE Manager 1.7 for SLE 11 SP2
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • libreadline5-32bit >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Builds
SAT Patch Nr: 9779
SUSE Linux Enterprise Server 10 SP3 LTSS for x86
  • bash >= 3.1-24.34.1
  • readline >= 5.1-24.34.1
  • readline-devel >= 5.1-24.34.1
Builds
ZYPP Patch Nr: 8960
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit
  • bash >= 3.1-24.34.1
  • readline >= 5.1-24.34.1
  • readline-32bit >= 5.1-24.34.1
  • readline-devel >= 5.1-24.34.1
  • readline-devel-32bit >= 5.1-24.34.1
Builds
ZYPP Patch Nr: 8960
SUSE Linux Enterprise Server 11 SP1 LTSS
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Builds
SAT Patch Nr: 9782
SUSE Linux Enterprise Server 11 SP1 LTSS
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • libreadline5-32bit >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Builds
SAT Patch Nr: 9782
openSUSE 12.3
  • bash >= 4.2-61.19.1
  • bash-debuginfo >= 4.2-61.19.1
  • bash-debuginfo-32bit >= 4.2-61.19.1
  • bash-debugsource >= 4.2-61.19.1
  • bash-devel >= 4.2-61.19.1
  • bash-doc >= 4.2-61.19.1
  • bash-lang >= 4.2-61.19.1
  • bash-loadables >= 4.2-61.19.1
  • bash-loadables-debuginfo >= 4.2-61.19.1
  • libreadline6 >= 6.2-61.19.1
  • libreadline6-32bit >= 6.2-61.19.1
  • libreadline6-debuginfo >= 6.2-61.19.1
  • libreadline6-debuginfo-32bit >= 6.2-61.19.1
  • readline-devel >= 6.2-61.19.1
  • readline-devel-32bit >= 6.2-61.19.1
  • readline-doc >= 6.2-61.19.1
Patchnames:
openSUSE-2014-563
openSUSE-2014-594
openSUSE 13.1
  • bash >= 4.2-68.12.1
  • bash-debuginfo >= 4.2-68.12.1
  • bash-debuginfo-32bit >= 4.2-68.12.1
  • bash-debugsource >= 4.2-68.12.1
  • bash-devel >= 4.2-68.12.1
  • bash-doc >= 4.2-68.12.1
  • bash-lang >= 4.2-68.12.1
  • bash-loadables >= 4.2-68.12.1
  • bash-loadables-debuginfo >= 4.2-68.12.1
  • libreadline6 >= 6.2-68.12.1
  • libreadline6-32bit >= 6.2-68.12.1
  • libreadline6-debuginfo >= 6.2-68.12.1
  • libreadline6-debuginfo-32bit >= 6.2-68.12.1
  • readline-devel >= 6.2-68.12.1
  • readline-devel-32bit >= 6.2-68.12.1
  • readline-doc >= 6.2-68.12.1
Patchnames:
openSUSE-2014-564
openSUSE-2014-595
openSUSE 13.2
  • bash >= 4.2-75.3.1
  • bash-doc >= 4.2-75.3.1
  • libreadline6 >= 6.2-75.3.1
  • readline-devel >= 6.2-75.3.1
  • readline-doc >= 6.2-75.3.1
Patchnames:
openSUSE 13.2 GA bash
openSUSE Leap 42.1
  • bash >= 4.2-76.4
  • bash-doc >= 4.2-76.4
  • bash-lang >= 4.2-76.4
  • libreadline6 >= 6.2-76.4
  • readline-devel >= 6.2-76.4
  • readline-doc >= 6.2-76.4
Patchnames:
openSUSE Leap 42.1 GA bash
openSUSE Leap 42.2
  • bash >= 4.3-79.15
  • bash-doc >= 4.3-79.15
  • bash-lang >= 4.3-79.15
  • libreadline6 >= 6.3-79.15
  • readline-devel >= 6.3-79.15
  • readline-doc >= 6.3-79.15
Patchnames:
openSUSE Leap 42.2 GA bash