ID

VAR-201409-1155

CVE

CVE-2014-7169

TITLE

GNU Bash shell executes commands in exported functions in environment variables

DESCRIPTION

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. QNAP Systems, Inc. Provided by QTS teeth, Turbo NAS for OS is. QTS for, GNU Bash Vulnerability (JVNVU#97219505) caused by OS Command injection vulnerability (CWE-78) Exists. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : University of Electro-Communications Wakisaka Yuki MrAny application permission OS The command may be executed. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. NOTE: This vulnerability can only be exploited if the attacker already has valid administrative login credentials. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/bash-4.2.048-i486-2_slack14.1.txz: Rebuilt. Patched an additional trailing string processing vulnerability discovered by Tavis Ormandy. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bash-3.1.018-i486-2_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bash-3.1.018-x86_64-2_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bash-4.1.012-i486-2_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bash-4.1.012-x86_64-2_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bash-4.1.012-i486-2_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bash-4.1.012-x86_64-2_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bash-4.2.048-i486-2_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bash-4.2.048-x86_64-2_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bash-4.2.048-i486-2_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bash-4.2.048-x86_64-2_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/bash-4.3.025-i486-2.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/bash-4.3.025-x86_64-2.txz MD5 signatures: +-------------+ Slackware 13.0 package: 93780575208505d17b5305b202294e16 bash-3.1.018-i486-2_slack13.0.txz Slackware x86_64 13.0 package: 6ec269c8e958cd6265821b480af8e5d7 bash-3.1.018-x86_64-2_slack13.0.txz Slackware 13.1 package: 21235413470903bb8eec907acb5b3248 bash-4.1.012-i486-2_slack13.1.txz Slackware x86_64 13.1 package: e69bacaf484e8f924c09eacd91c8c737 bash-4.1.012-x86_64-2_slack13.1.txz Slackware 13.37 package: fa05abe5c8d6557ec1cef124e5d877ce bash-4.1.012-i486-2_slack13.37.txz Slackware x86_64 13.37 package: 97a0005c1e0701c8912dc30f8a6f2908 bash-4.1.012-x86_64-2_slack13.37.txz Slackware 14.0 package: d319186a0ab7e85562684669afc878c3 bash-4.2.048-i486-2_slack14.0.txz Slackware x86_64 14.0 package: 8835dc729d6029fc20b6b1b1df72ce13 bash-4.2.048-x86_64-2_slack14.0.txz Slackware 14.1 package: fbb4b906de3a8f9bf5209fcc80e2a413 bash-4.2.048-i486-2_slack14.1.txz Slackware x86_64 14.1 package: a786b69705d1ebb67fbf31df9d032699 bash-4.2.048-x86_64-2_slack14.1.txz Slackware -current package: bba7e4260df8c4d91d99dbf13d44ec79 a/bash-4.3.025-i486-2.txz Slackware x86_64 -current package: 7c9a285415bd636469da0cf405bb5692 a/bash-4.3.025-x86_64-2.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg bash-4.2.048-i486-2_slack14.1.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169 https://rhn.redhat.com/errata/RHSA-2014-1306.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 068bf5e3fe869e91b3583b7ddba7e9eb mbs1/x86_64/bash-4.2-48.1.mbs1.x86_64.rpm 5cf0895151bdace021fc9e0dbcf4a10a mbs1/x86_64/bash-doc-4.2-48.1.mbs1.x86_64.rpm 0f77090a686587530eed163e54191c2f mbs1/SRPMS/bash-4.2-48.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFUJRNlmqjQ0CJFipgRAreUAJ9PQj8Pp1c9mBgoINCmnghEoUrDYgCfSP4i S0wloutlv8C/wANhgGvfRWw= =o6ex -----END PGP SIGNATURE----- . MITIGATION INFORMATION HP recommends the following steps to reduce the risk of this vulnerability: - Place the HP StoreFabric H-series switch and other data center critical infrastructure behind a firewall to disallow access from the Internet. - Change all HP StoreFabric switch default account passwords, including the root passwords, from the default factory passwords. - Examine the list of accounts, including ones on the switch and those existing on remote authentication servers such as RADIUS, LDAP, and TACAS+, to ensure only necessary personnel can gain access to HP StoreFabric H-series switches. Delete guest accounts and temporary accounts created for one-time usage needs. - To avoid possible exploit through the embedded web GUI, QuickTools, disable the web server with the following procedure: NOTE: After completing this procedure, the user will not be able to manage the switch using QuickTools. Login to the Command Line Interface (CLI). Execute the "admin start" command to enter into an admin session. Execute the "set setup services" command and change setting for EmbeddedGUIEnabled to "False". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: bash security update Advisory ID: RHSA-2014:1311-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1311.html Issue date: 2014-09-26 CVE Names: CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 ===================================================================== 1. Summary: Updated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, x86_64 Red Hat Enterprise Linux AUS (v. 6.2 server) - x86_64 Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64 Red Hat Enterprise Linux ES (v. 4 ELS) - i386, x86_64 Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64 Red Hat Enterprise Linux LL (v. 5.6 server) - i386, ia64, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64 3. Description: The GNU Bourne Again shell (Bash) is a shell and command language interpreter compatible with the Bourne shell (sh). Bash is the default shell for Red Hat Enterprise Linux. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-7169) Applications which directly create Bash functions as environment variables need to be made aware of the changes to the way names are handled by this update. For more information see the Knowledgebase article at https://access.redhat.com/articles/1200223 Note: Docker users are advised to use "yum update" within their containers, and to commit the resulting changes. For additional information on CVE-2014-6271 and CVE-2014-7169, refer to the aforementioned Knowledgebase article. All bash users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux AS (v. 4 ELS): Source: bash-3.0-27.el4.4.src.rpm i386: bash-3.0-27.el4.4.i386.rpm bash-debuginfo-3.0-27.el4.4.i386.rpm ia64: bash-3.0-27.el4.4.i386.rpm bash-3.0-27.el4.4.ia64.rpm bash-debuginfo-3.0-27.el4.4.i386.rpm bash-debuginfo-3.0-27.el4.4.ia64.rpm x86_64: bash-3.0-27.el4.4.x86_64.rpm bash-debuginfo-3.0-27.el4.4.x86_64.rpm Red Hat Enterprise Linux ES (v. 4 ELS): Source: bash-3.0-27.el4.4.src.rpm i386: bash-3.0-27.el4.4.i386.rpm bash-debuginfo-3.0-27.el4.4.i386.rpm x86_64: bash-3.0-27.el4.4.x86_64.rpm bash-debuginfo-3.0-27.el4.4.x86_64.rpm Red Hat Enterprise Linux LL (v. 5.6 server): Source: bash-3.2-24.el5_6.2.src.rpm i386: bash-3.2-24.el5_6.2.i386.rpm bash-debuginfo-3.2-24.el5_6.2.i386.rpm ia64: bash-3.2-24.el5_6.2.i386.rpm bash-3.2-24.el5_6.2.ia64.rpm bash-debuginfo-3.2-24.el5_6.2.i386.rpm bash-debuginfo-3.2-24.el5_6.2.ia64.rpm x86_64: bash-3.2-24.el5_6.2.x86_64.rpm bash-debuginfo-3.2-24.el5_6.2.x86_64.rpm Red Hat Enterprise Linux EUS (v. 5.9 server): Source: bash-3.2-32.el5_9.3.src.rpm i386: bash-3.2-32.el5_9.3.i386.rpm bash-debuginfo-3.2-32.el5_9.3.i386.rpm ia64: bash-3.2-32.el5_9.3.i386.rpm bash-3.2-32.el5_9.3.ia64.rpm bash-debuginfo-3.2-32.el5_9.3.i386.rpm bash-debuginfo-3.2-32.el5_9.3.ia64.rpm ppc: bash-3.2-32.el5_9.3.ppc.rpm bash-debuginfo-3.2-32.el5_9.3.ppc.rpm s390x: bash-3.2-32.el5_9.3.s390x.rpm bash-debuginfo-3.2-32.el5_9.3.s390x.rpm x86_64: bash-3.2-32.el5_9.3.x86_64.rpm bash-debuginfo-3.2-32.el5_9.3.x86_64.rpm Red Hat Enterprise Linux HPC Node EUS (v. 6.4): Source: bash-4.1.2-15.el6_4.2.src.rpm x86_64: bash-4.1.2-15.el6_4.2.x86_64.rpm bash-debuginfo-4.1.2-15.el6_4.2.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4): Source: bash-4.1.2-15.el6_4.2.src.rpm x86_64: bash-debuginfo-4.1.2-15.el6_4.2.x86_64.rpm bash-doc-4.1.2-15.el6_4.2.x86_64.rpm Red Hat Enterprise Linux AUS (v. 6.2 server): Source: bash-4.1.2-9.el6_2.2.src.rpm x86_64: bash-4.1.2-9.el6_2.2.x86_64.rpm bash-debuginfo-4.1.2-9.el6_2.2.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.4): Source: bash-4.1.2-15.el6_4.2.src.rpm i386: bash-4.1.2-15.el6_4.2.i686.rpm bash-debuginfo-4.1.2-15.el6_4.2.i686.rpm ppc64: bash-4.1.2-15.el6_4.2.ppc64.rpm bash-debuginfo-4.1.2-15.el6_4.2.ppc64.rpm s390x: bash-4.1.2-15.el6_4.2.s390x.rpm bash-debuginfo-4.1.2-15.el6_4.2.s390x.rpm x86_64: bash-4.1.2-15.el6_4.2.x86_64.rpm bash-debuginfo-4.1.2-15.el6_4.2.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.2): Source: bash-4.1.2-9.el6_2.2.src.rpm x86_64: bash-debuginfo-4.1.2-9.el6_2.2.x86_64.rpm bash-doc-4.1.2-9.el6_2.2.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.4): Source: bash-4.1.2-15.el6_4.2.src.rpm i386: bash-debuginfo-4.1.2-15.el6_4.2.i686.rpm bash-doc-4.1.2-15.el6_4.2.i686.rpm ppc64: bash-debuginfo-4.1.2-15.el6_4.2.ppc64.rpm bash-doc-4.1.2-15.el6_4.2.ppc64.rpm s390x: bash-debuginfo-4.1.2-15.el6_4.2.s390x.rpm bash-doc-4.1.2-15.el6_4.2.s390x.rpm x86_64: bash-debuginfo-4.1.2-15.el6_4.2.x86_64.rpm bash-doc-4.1.2-15.el6_4.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-7169.html https://www.redhat.com/security/data/cve/CVE-2014-7186.html https://www.redhat.com/security/data/cve/CVE-2014-7187.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/1200223 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUJau9XlSAg2UNWIIRAhKkAKC931kAxA4S4exwT4uGhDr7uDFIKQCglKKS N0AJiOto/RXwBqHtbfr1wkM= =SeAK -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Patch and maintain Lightweight Directory Access Protocol (LDAP) and web servers. Use virus scanners, intrusion detection/prevention systems (IDS/IPS), and vulnerability scanners regularly. Apply all recommended HP Firmware updates. Note: all versions of HP Thin Pro and HP Smart Zero Core operating systems prior to version 5.1.0 are affected by this vulnerability. If you participated in the ThinPro 5.1.0 beta program upgrade to the release version as soon as it becomes available. The update can be also downloaded directly from ftp://ftp.hp.com/pub/tcdebian /updates/5.0/service_packs/SecurityUpdate-CVE20146271-CVE20147169-all-5.0-x86 .xar Or via softpaq delivery at: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69071.exe HP ThinPro and HP Smart Zero Core (x86) v4.4.x A component update is currently available through Easy Update as: SecurityUpdate-CVE20146271-CVE20147169-all-4.4-x86.xar . Or can be downloaded directly from ftp://ftp.hp.com/pub/tcdebian/updates/4.4/ service_packs/SecurityUpdate-CVE20146271-CVE20147169-all-4.4-x86.xar Or via softpaq delivery at: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69071.exe HP ThinPro and HP Smart Zero Core (ARM) v4.4.x A component update is currently available through Easy Update as: SecurityUpdate-CVE20146271-CVE20147169-all-4.4-arm.xar . Bash shipped with GNV 3.0-1 and previous versions are impacted by .Shellshock. vulnerability. HP GNV Website: http://h71000.www7.hp.com/opensource/gnv.html Sourceforge: IA64: https://sourceforge.net/projects/gnv/files/GNV%20-%20I64/V3.0-1/ Alpha: https://sourceforge.net/projects/gnv/files/GNV%20-%20Alpha/V3.0-1/ HP Bash Version for OpenVMS Platform Patch Kit Name v1.14-8 Alpha OpenVMS V8.3, V8.4 HP-AXPVMS-GNV-BASH-V0114-08.ZIP v1.14-8 ITANIUM OpenVMS V8.3, V8.3-1H1, V8.4 HP-AXPVMS-GNV-BASH-V0114-08.ZIP HISTORY Version:1 (rev.1) - 12 January 2015 Initial release Support: For further information, contact normal HP Services support channel. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2015 Hewlett-Packard Development Company, L.P. Please refer to the RESOLUTION section below for a list of impacted products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04467807 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04467807 Version: 1 HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-09-30 Last Updated: 2014-09-30 Potential Security Impact: Remote code execution Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell . NOTE: The vCAS product is vulnerable only if DHCP is enabled. References: CVE-2014-6271 CVE-2014-7169 SSRT101724 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. vCAS version 14.06 (RDA 8.1) BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP is actively working to address this vulnerability for the impacted product versions of HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell. This bulletin will be revised when the software update is released. NOTE: HP recommends to not power-down or disconnect the vCAS until the update is available. MITIGATION INFORMATION A Shellshock attack requires the definition of an environment variable introduced into Bash. The vCAS has three attack vectors: SSH, the lighttpd web server, and the DHCP client. - The exploit does not elevate privileges. The DHCP client uses Bash scripts and is vulnerable to Shellshock. The DHCP exploit can be mitigated by ensuring that DHCP is disabled on the vCAS. Note: HP strongly discourages the use of DHCP on the vCAS. The web UI forces the vCAS user to assign a static IP address and change the hp-admin password. A vCAS user must manually configure DHCP for use on the vCAS. A vCAS user can verify that DHCP is disabled by inspecting the file "/etc/network/interfaces" and ensuring that the "iface" line for device "eth0" is set for a static IP. Example of a static IP configuration: # The primary network interface auto eth0 iface eth0 inet static address 172.27.1.68 netmask 255.255.255.0 gateway 172.27.1.1 HISTORY Version:1 (rev.1) - 30 September 2014 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ============================================================================ Ubuntu Security Notice USN-2363-2 September 26, 2014 bash vulnerability ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Bash allowed bypassing environment restrictions in certain environments. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem. We apologize for the inconvenience. (CVE-2014-7169) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.3 In general, a standard system update will make all the necessary changes

AFFECTED PRODUCTS