ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0394
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0394)
Resumen:	The remote host is missing an update for the 'bash' package(s) announced via the MGASA-2014-0394 advisory.
Descripción:	Summary: The remote host is missing an update for the 'bash' package(s) announced via the MGASA-2014-0394 advisory. Vulnerability Insight: Updated bash packages fix security vulnerabilities: Bash has been updated to version 4.2 patch level 50, which further mitigates ShellShock-type vulnerabilities. Two such issues have already been discovered (CVE-2014-6277, CVE-2014-6278). See the RedHat article on the backward-incompatible changes introduced by the latest patch, caused by adding prefixes and suffixes to the variable names used for exporting functions. Note that the RedHat article mentions these variable names will have parentheses '()' at the end of their names, however, the latest upstream patch uses two percent signs '%%' at the end instead. Two other unrelated security issues in the parser have also been fixed in this update (CVE-2014-7186, CVE-2014-7187). Affected Software/OS: 'bash' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-6277 http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html Cisco Security Advisory: 20140926 GNU Bash Environment Variable Command Injection Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash HPdes Security Advisory: HPSBGN03138 http://marc.info/?l=bugtraq&m=141330468527613&w=2 HPdes Security Advisory: HPSBGN03141 http://marc.info/?l=bugtraq&m=141383304022067&w=2 HPdes Security Advisory: HPSBGN03142 http://marc.info/?l=bugtraq&m=141383244821813&w=2 HPdes Security Advisory: HPSBGN03233 http://marc.info/?l=bugtraq&m=142118135300698&w=2 HPdes Security Advisory: HPSBHF03125 http://marc.info/?l=bugtraq&m=141345648114150&w=2 HPdes Security Advisory: HPSBHF03145 http://marc.info/?l=bugtraq&m=141383465822787&w=2 HPdes Security Advisory: HPSBHF03146 http://marc.info/?l=bugtraq&m=141383353622268&w=2 HPdes Security Advisory: HPSBMU03143 http://marc.info/?l=bugtraq&m=141383026420882&w=2 HPdes Security Advisory: HPSBMU03144 http://marc.info/?l=bugtraq&m=141383081521087&w=2 HPdes Security Advisory: HPSBMU03165 http://marc.info/?l=bugtraq&m=141577137423233&w=2 HPdes Security Advisory: HPSBMU03182 http://marc.info/?l=bugtraq&m=141585637922673&w=2 HPdes Security Advisory: HPSBMU03217 http://marc.info/?l=bugtraq&m=141879528318582&w=2 HPdes Security Advisory: HPSBMU03220 http://marc.info/?l=bugtraq&m=142721162228379&w=2 HPdes Security Advisory: HPSBMU03236 http://marc.info/?l=bugtraq&m=142289270617409&w=2 HPdes Security Advisory: HPSBMU03245 http://marc.info/?l=bugtraq&m=142358026505815&w=2 HPdes Security Advisory: HPSBMU03246 http://marc.info/?l=bugtraq&m=142358078406056&w=2 HPdes Security Advisory: HPSBST03129 http://marc.info/?l=bugtraq&m=141383196021590&w=2 HPdes Security Advisory: HPSBST03154 http://marc.info/?l=bugtraq&m=141577297623641&w=2 HPdes Security Advisory: HPSBST03155 http://marc.info/?l=bugtraq&m=141576728022234&w=2 HPdes Security Advisory: HPSBST03157 http://marc.info/?l=bugtraq&m=141450491804793&w=2 HPdes Security Advisory: HPSBST03181 http://marc.info/?l=bugtraq&m=141577241923505&w=2 HPdes Security Advisory: SSRT101739 HPdes Security Advisory: SSRT101742 HPdes Security Advisory: SSRT101819 HPdes Security Advisory: SSRT101827 HPdes Security Advisory: SSRT101830 HPdes Security Advisory: SSRT101868 http://jvn.jp/en/jp/JVN55667175/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126 http://www.mandriva.com/security/advisories?name=MDVSA-2015:164 http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html http://secunia.com/advisories/58200 http://secunia.com/advisories/59907 http://secunia.com/advisories/59961 http://secunia.com/advisories/60024 http://secunia.com/advisories/60034 http://secunia.com/advisories/60044 http://secunia.com/advisories/60055 http://secunia.com/advisories/60063 http://secunia.com/advisories/60193 http://secunia.com/advisories/60325 http://secunia.com/advisories/60433 http://secunia.com/advisories/61065 http://secunia.com/advisories/61128 http://secunia.com/advisories/61129 http://secunia.com/advisories/61283 http://secunia.com/advisories/61287 http://secunia.com/advisories/61291 http://secunia.com/advisories/61312 http://secunia.com/advisories/61313 http://secunia.com/advisories/61328 http://secunia.com/advisories/61442 http://secunia.com/advisories/61471 http://secunia.com/advisories/61485 http://secunia.com/advisories/61503 http://secunia.com/advisories/61550 http://secunia.com/advisories/61552 http://secunia.com/advisories/61565 http://secunia.com/advisories/61603 http://secunia.com/advisories/61633 http://secunia.com/advisories/61641 http://secunia.com/advisories/61643 http://secunia.com/advisories/61654 http://secunia.com/advisories/61703 http://secunia.com/advisories/61780 http://secunia.com/advisories/61816 http://secunia.com/advisories/61857 http://secunia.com/advisories/62312 http://secunia.com/advisories/62343 SuSE Security Announcement: SUSE-SU-2014:1287 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html SuSE Security Announcement: openSUSE-SU-2014:1310 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html http://www.ubuntu.com/usn/USN-2380-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-6278 https://www.exploit-db.com/exploits/39568/ https://www.exploit-db.com/exploits/39887/ http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracle-Global-Desktop-Shellshock.html https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006 Common Vulnerability Exposure (CVE) ID: CVE-2014-7186 Bugtraq: 20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/533593/100/0/threaded http://seclists.org/fulldisclosure/2014/Oct/0 HPdes Security Advisory: HPSBOV03228 http://marc.info/?l=bugtraq&m=142113462216480&w=2 HPdes Security Advisory: HPSBST03131 http://marc.info/?l=bugtraq&m=141383138121313&w=2 HPdes Security Advisory: HPSBST03148 http://marc.info/?l=bugtraq&m=141694386919794&w=2 HPdes Security Advisory: SSRT101711 http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html http://openwall.com/lists/oss-security/2014/09/25/32 http://openwall.com/lists/oss-security/2014/09/26/2 http://openwall.com/lists/oss-security/2014/09/28/10 RedHat Security Advisories: RHSA-2014:1311 http://rhn.redhat.com/errata/RHSA-2014-1311.html RedHat Security Advisories: RHSA-2014:1312 http://rhn.redhat.com/errata/RHSA-2014-1312.html RedHat Security Advisories: RHSA-2014:1354 http://rhn.redhat.com/errata/RHSA-2014-1354.html http://secunia.com/advisories/61188 http://secunia.com/advisories/61479 http://secunia.com/advisories/61618 http://secunia.com/advisories/61622 http://secunia.com/advisories/61636 http://secunia.com/advisories/61711 http://secunia.com/advisories/61873 http://secunia.com/advisories/62228 SuSE Security Announcement: SUSE-SU-2014:1247 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html SuSE Security Announcement: SUSE-SU-2014:1259 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html SuSE Security Announcement: openSUSE-SU-2014:1229 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html SuSE Security Announcement: openSUSE-SU-2014:1242 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html SuSE Security Announcement: openSUSE-SU-2014:1254 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html http://www.ubuntu.com/usn/USN-2364-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-7187 http://secunia.com/advisories/61855 SuSE Security Announcement: openSUSE-SU-2014:1308 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.