USN-2364-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-2364-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2364-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-2364-1

Related

CVE-2014-7186
CVE-2014-7187
UBUNTU-CVE-2014-7186
UBUNTU-CVE-2014-7187

Published

2014-09-27T09:05:01.884700Z

Modified

2014-09-27T09:05:01.884700Z

Summary

bash vulnerabilities

Details

Florian Weimer and Todd Sabin discovered that the Bash parser incorrectly handled memory. An attacker could possibly use this issue to bypass certain environment restrictions and execute arbitrary code. (CVE-2014-7186, CVE-2014-7187)

In addition, this update introduces a hardening measure which adds prefixes and suffixes around environment variable names which contain shell functions.

References

Affected packages

Ubuntu:14.04:LTS / bash

Package

Name: bash
Purl: pkg:deb/ubuntu/bash@4.3-7ubuntu1.4?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3-7ubuntu1.4

Affected versions

4.*

4.2-5ubuntu3

4.3-1ubuntu2

4.3-2ubuntu1

4.3-3ubuntu1

4.3-4ubuntu1

4.3-4ubuntu2

4.3-6ubuntu1

4.3-7ubuntu1

4.3-7ubuntu1.1

4.3-7ubuntu1.2

4.3-7ubuntu1.3

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "bash-builtins": "4.3-7ubuntu1.4",
            "bash": "4.3-7ubuntu1.4",
            "bash-doc": "4.3-7ubuntu1.4",
            "bash-static": "4.3-7ubuntu1.4"
        }
    ]
}