- Subject: [upki-fed:00856] Bash�$B$N@H
- Date: Fri, 26 Sep 2014 15:32:16 +0900
- From: �$B9qN)>pJs3X8&5f=j!!3XG';vL36I!!LnED�(B <xxxxxxxxxxxxxx@xxxxxxxxx>
�$B3F0L�(B
�$B!!9qN)>pJs3X8&5f=j!&3XG';vL36I$G$9!#�(B
�$BJ?AG$h$j3XG'$N;v6H$K$46(NO$r;r$j!$$"$j$,$H$&$4$6$$$^$9!#�(B
�$B!!�(BBash�$B$K4X$9$k@H$C$F9=C[$7$?�(BIdP/SP�$B<+?H$,�(BBash�$B$r8F$S=P$9$3$H$O$"$j$^$;�(B
�$B$s$,!$F15o$7$F$$$k�(BWeb�$B%"%W%j%1!<%7%g%s$dB>$N�(BCGI�$B%9%/%j%W%HEy$rG[CV$7$F$$�(B
�$B$k>l9g$KK\@HJ}$,=$�(B
�$B@5$5$l$?%Q%C%1!<%8$G$9!#�(B
�$B!&�(BCentOS 5
bash-3.2-33.el5_10.4 �$B$*$h$S$=$l0J9_$N%P!<%8%g%s�(B
�$B!&�(BCentOS 6
bash-4.1.2-15.el6_5.2 �$B$*$h$S$=$l0J9_$N%P!<%8%g%s�(B
�$B$=$NB>$N%G%#%9%H%j%S%e!<%7%g%s$r$4MxMQ$NJ}$O!$3F%G%#%9%H%j%S%e!<%?$N>p�(B
�$BJs$r$4;2>H$/$@$5$$!#�(B
�$B;29M>pJs!'�(B
�$B!&�(BBash Code Injection Vulnerability via Specially Crafted Environment
Variables (CVE-2014-6271, CVE-2014-7169)
https://access.redhat.com/articles/1200223
�$B!&�(BCVE-2014-6271 bash: specially-crafted environment variables can be
used to inject shell commands
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6271
�$B!&�(BCVE-2014-7169 bash: code execution via specially-crafted environment
(Incomplete fix for CVE-2014-6271)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7169
�$B!&�(BCVE-2014-6271
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
�$B!&�(BCVE-2014-7169
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169
--
=========================================================
�$B!!9qN)>pJs3X8&5f=j�(B �$B3X=Q4pHW2]�(B �$B3XG';vL36I!!!JC4Ev!'LnED!K�(B
�$B!!�(BTEL�$B!'�(B03-4212-2218�$B!!�(xxxxxxxxxxxxxxx@xxxxxxxxx
�$B!!3XG'�(BWeb�$B%Z!<%8�(B https://www.gakunin.jp/
�$B!!?=@A%7%9%F%`�(B https://office.gakunin.nii.ac.jp/
=========================================================