Upstream information

CVE-2014-7187 at MITRE

Description

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 10.00
  • Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete

SUSE Bugzilla entries: 898603, 898664, 898762, 898812 [RESOLVED], 898884 [RESOLVED], 900057 [RESOLVED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP3
  • bash >= 3.2-147.22.1
  • bash-doc >= 3.2-147.22.1
  • libreadline5 >= 5.2-147.22.1
  • libreadline5-32bit >= 5.2-147.22.1
  • readline-doc >= 5.2-147.22.1
Patchnames:
sledsp3-bash
SUSE Linux Enterprise Desktop 12
  • bash >= 4.2-75.2
  • bash-doc >= 4.2-75.2
  • bash-lang >= 4.2-75.2
  • libreadline6 >= 6.2-75.2
  • libreadline6-32bit >= 6.2-75.2
  • readline-doc >= 6.2-75.2
Patchnames:
SUSE Linux Enterprise Desktop 12 GA bash
SUSE Linux Enterprise Desktop 12 SP1
  • bash >= 4.2-75.2
  • bash-doc >= 4.2-75.2
  • bash-lang >= 4.2-75.2
  • libreadline6 >= 6.2-75.2
  • libreadline6-32bit >= 6.2-75.2
  • readline-doc >= 6.2-75.2
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA bash
SUSE Linux Enterprise Desktop 12 SP2
  • bash >= 4.3-78.39
  • bash-doc >= 4.3-78.39
  • bash-lang >= 4.3-78.39
  • libreadline6 >= 6.3-78.39
  • libreadline6-32bit >= 6.3-78.39
  • readline-doc >= 6.3-78.39
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA bash
SUSE Linux Enterprise Server 11 SP1-LTSS
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • libreadline5-32bit >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Patchnames:
slessp1-bash
SUSE Linux Enterprise Server 11 SP2-LTSS
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • libreadline5-32bit >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Patchnames:
slessp2-bash
SUSE Linux Enterprise Server 11 SP3
  • bash >= 3.2-147.22.1
  • bash-doc >= 3.2-147.22.1
  • bash-x86 >= 3.2-147.22.1
  • libreadline5 >= 5.2-147.22.1
  • libreadline5-32bit >= 5.2-147.22.1
  • libreadline5-x86 >= 5.2-147.22.1
  • readline-doc >= 5.2-147.22.1
Patchnames:
slessp3-bash
SUSE Linux Enterprise Server 12 SP2
  • bash >= 4.3-78.39
  • bash-debuginfo >= 4.3-78.39
  • bash-debugsource >= 4.3-78.39
  • bash-doc >= 4.3-78.39
  • libreadline6 >= 6.3-78.39
  • libreadline6-32bit >= 6.3-78.39
  • libreadline6-debuginfo >= 6.3-78.39
  • libreadline6-debuginfo-32bit >= 6.3-78.39
  • readline-doc >= 6.3-78.39
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA bash
SUSE Linux Enterprise Server for VMWare 11 SP3
  • bash >= 3.2-147.22.1
  • bash-doc >= 3.2-147.22.1
  • bash-x86 >= 3.2-147.22.1
  • libreadline5 >= 5.2-147.22.1
  • libreadline5-32bit >= 5.2-147.22.1
  • libreadline5-x86 >= 5.2-147.22.1
  • readline-doc >= 5.2-147.22.1
Patchnames:
slessp3-bash
SUSE Linux Enterprise Software Development Kit 11 SP3
  • libreadline5 >= 5.2-147.22.1
  • readline-devel >= 5.2-147.22.1
  • readline-devel-32bit >= 5.2-147.22.1
Patchnames:
sdksp3-bash
SUSE Manager 1.7
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • libreadline5-32bit >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Patchnames:
sleman17sp2-bash
SUSE Linux Enterprise Software Development Kit 11 SP3
  • libreadline5 >= 5.2-147.22.1
  • readline-devel >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Software Development Kit 11 SP3
  • readline-devel >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Software Development Kit 11 SP3
  • readline-devel >= 5.2-147.22.1
  • readline-devel-32bit >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Software Development Kit 11 SP3
  • libreadline5 >= 5.2-147.22.1
  • readline-devel >= 5.2-147.22.1
  • readline-devel-32bit >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • bash >= 3.2-147.22.1
  • bash-doc >= 3.2-147.22.1
  • libreadline5 >= 5.2-147.22.1
  • readline-doc >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • bash >= 3.2-147.22.1
  • bash-doc >= 3.2-147.22.1
  • libreadline5 >= 5.2-147.22.1
  • libreadline5-32bit >= 5.2-147.22.1
  • readline-doc >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Server 11 SP3
  • bash >= 3.2-147.22.1
  • bash-doc >= 3.2-147.22.1
  • bash-x86 >= 3.2-147.22.1
  • libreadline5 >= 5.2-147.22.1
  • libreadline5-x86 >= 5.2-147.22.1
  • readline-doc >= 5.2-147.22.1
Builds
SAT Patch Nr: 9780
SUSE Linux Enterprise Server 10 SP4 LTSS for x86
  • bash >= 3.1-24.34.1
  • readline >= 5.1-24.34.1
  • readline-devel >= 5.1-24.34.1
Builds
ZYPP Patch Nr: 8961
SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit
  • bash >= 3.1-24.34.1
  • readline >= 5.1-24.34.1
  • readline-32bit >= 5.1-24.34.1
  • readline-devel >= 5.1-24.34.1
  • readline-devel-32bit >= 5.1-24.34.1
Builds
ZYPP Patch Nr: 8961
SUSE Linux Enterprise Server 11 SP2 LTSS
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Builds
SAT Patch Nr: 9781
SUSE Linux Enterprise Server 11 SP2 LTSS
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • libreadline5-32bit >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Builds
SAT Patch Nr: 9781
SUSE Manager 1.7 for SLE 11 SP2
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • libreadline5-32bit >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Builds
SAT Patch Nr: 9779
SUSE Linux Enterprise Server 10 SP3 LTSS for x86
  • bash >= 3.1-24.34.1
  • readline >= 5.1-24.34.1
  • readline-devel >= 5.1-24.34.1
Builds
ZYPP Patch Nr: 8960
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit
  • bash >= 3.1-24.34.1
  • readline >= 5.1-24.34.1
  • readline-32bit >= 5.1-24.34.1
  • readline-devel >= 5.1-24.34.1
  • readline-devel-32bit >= 5.1-24.34.1
Builds
ZYPP Patch Nr: 8960
SUSE Linux Enterprise Server 11 SP1 LTSS
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Builds
SAT Patch Nr: 9782
SUSE Linux Enterprise Server 11 SP1 LTSS
  • bash >= 3.2-147.14.22.1
  • bash-doc >= 3.2-147.14.22.1
  • libreadline5 >= 5.2-147.14.22.1
  • libreadline5-32bit >= 5.2-147.14.22.1
  • readline-doc >= 5.2-147.14.22.1
Builds
SAT Patch Nr: 9782
openSUSE 12.3
  • bash >= 4.2-61.19.1
  • bash-debuginfo >= 4.2-61.19.1
  • bash-debuginfo-32bit >= 4.2-61.19.1
  • bash-debugsource >= 4.2-61.19.1
  • bash-devel >= 4.2-61.19.1
  • bash-doc >= 4.2-61.19.1
  • bash-lang >= 4.2-61.19.1
  • bash-loadables >= 4.2-61.19.1
  • bash-loadables-debuginfo >= 4.2-61.19.1
  • libreadline6 >= 6.2-61.19.1
  • libreadline6-32bit >= 6.2-61.19.1
  • libreadline6-debuginfo >= 6.2-61.19.1
  • libreadline6-debuginfo-32bit >= 6.2-61.19.1
  • readline-devel >= 6.2-61.19.1
  • readline-devel-32bit >= 6.2-61.19.1
  • readline-doc >= 6.2-61.19.1
Patchnames:
openSUSE-2014-563
openSUSE-2014-594
openSUSE 13.1
  • bash >= 4.2-68.12.1
  • bash-debuginfo >= 4.2-68.12.1
  • bash-debuginfo-32bit >= 4.2-68.12.1
  • bash-debugsource >= 4.2-68.12.1
  • bash-devel >= 4.2-68.12.1
  • bash-doc >= 4.2-68.12.1
  • bash-lang >= 4.2-68.12.1
  • bash-loadables >= 4.2-68.12.1
  • bash-loadables-debuginfo >= 4.2-68.12.1
  • libreadline6 >= 6.2-68.12.1
  • libreadline6-32bit >= 6.2-68.12.1
  • libreadline6-debuginfo >= 6.2-68.12.1
  • libreadline6-debuginfo-32bit >= 6.2-68.12.1
  • readline-devel >= 6.2-68.12.1
  • readline-devel-32bit >= 6.2-68.12.1
  • readline-doc >= 6.2-68.12.1
Patchnames:
openSUSE-2014-564
openSUSE-2014-595
openSUSE 13.2
  • bash >= 4.2-75.3.1
  • bash-doc >= 4.2-75.3.1
  • libreadline6 >= 6.2-75.3.1
  • readline-devel >= 6.2-75.3.1
  • readline-doc >= 6.2-75.3.1
Patchnames:
openSUSE 13.2 GA bash
openSUSE Leap 42.1
  • bash >= 4.2-76.4
  • bash-doc >= 4.2-76.4
  • bash-lang >= 4.2-76.4
  • libreadline6 >= 6.2-76.4
  • readline-devel >= 6.2-76.4
  • readline-doc >= 6.2-76.4
Patchnames:
openSUSE Leap 42.1 GA bash
openSUSE Leap 42.2
  • bash >= 4.3-79.15
  • bash-doc >= 4.3-79.15
  • bash-lang >= 4.3-79.15
  • libreadline6 >= 6.3-79.15
  • readline-devel >= 6.3-79.15
  • readline-doc >= 6.3-79.15
Patchnames:
openSUSE Leap 42.2 GA bash