- Subject: [upki-fed:00856] Bash$B$N@H
- Date: Fri, 26 Sep 2014 15:32:16 +0900
- From: $B9qN)>pJs3X8&5f=j!!3XG';vL36I!!LnED(B <xxxxxxxxxxxxxx@xxxxxxxxx>
$B3F0L(B
$B!!9qN)>pJs3X8&5f=j!&3XG';vL36I$G$9!#(B
$BJ?AG$h$j3XG'$N;v6H$K$46(NO$r;r$j!$$"$j$,$H$&$4$6$$$^$9!#(B
$B!!(BBash$B$K4X$9$k@H$C$F9=C[$7$?(BIdP/SP$B<+?H$,(BBash$B$r8F$S=P$9$3$H$O$"$j$^$;(B
$B$s$,!$F15o$7$F$$$k(BWeb$B%"%W%j%1!<%7%g%s$dB>$N(BCGI$B%9%/%j%W%HEy$rG[CV$7$F$$(B
$B$k>l9g$KK\@HJ}$,=$(B
$B@5$5$l$?%Q%C%1!<%8$G$9!#(B
$B!&(BCentOS 5
bash-3.2-33.el5_10.4 $B$*$h$S$=$l0J9_$N%P!<%8%g%s(B
$B!&(BCentOS 6
bash-4.1.2-15.el6_5.2 $B$*$h$S$=$l0J9_$N%P!<%8%g%s(B
$B$=$NB>$N%G%#%9%H%j%S%e!<%7%g%s$r$4MxMQ$NJ}$O!$3F%G%#%9%H%j%S%e!<%?$N>p(B
$BJs$r$4;2>H$/$@$5$$!#(B
$B;29M>pJs!'(B
$B!&(BBash Code Injection Vulnerability via Specially Crafted Environment
Variables (CVE-2014-6271, CVE-2014-7169)
https://access.redhat.com/articles/1200223
$B!&(BCVE-2014-6271 bash: specially-crafted environment variables can be
used to inject shell commands
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6271
$B!&(BCVE-2014-7169 bash: code execution via specially-crafted environment
(Incomplete fix for CVE-2014-6271)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7169
$B!&(BCVE-2014-6271
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
$B!&(BCVE-2014-7169
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169
--
=========================================================
$B!!9qN)>pJs3X8&5f=j(B $B3X=Q4pHW2](B $B3XG';vL36I!!!JC4Ev!'LnED!K(B
$B!!(BTEL$B!'(B03-4212-2218$B!!(xxxxxxxxxxxxxxx@xxxxxxxxx
$B!!3XG'(BWeb$B%Z!<%8(B https://www.gakunin.jp/
$B!!?=@A%7%9%F%`(B https://office.gakunin.nii.ac.jp/
=========================================================