bash 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1412233220
업데이트 : 2014.10.02
상세내용
. 보안 이슈
- fixed CVE-2014-7186
GNU Bash through 4.3 bash43-025 processes trailing strings after
certain malformed function definitions in the values of environment
variables, which allows remote attackers to write to files or
possibly have unknown other impact via a crafted environment, as
demonstrated by vectors involving the ForceCommand feature in
OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache
HTTP Server, scripts executed by unspecified DHCP clients, and
other situations in which setting the environment occurs across
a privilege boundary from Bash execution. NOTE: this vulnerability
exists because of an incomplete fix for CVE-2014-6271.
Autoupdates 지원 : 지원
update 패키지
RPMS :
. bash-3.0-27.2.i686.rpm
SRPMS :
. bash-3.0-27.2.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
|