Mandriva Update For Bash MDVSA-2012:128 (bash) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was found and corrected in bash: A stack-based buffer overflow flaw was found in the way bash, the GNU Bourne Again shell, expanded certain /dev/fd file names when checking file names (&#039 test&#039 command) and evaluating /dev/fd file names in conditinal command expressions. A remote attacker could provide a specially-crafted Bash script that, when executed, would cause the bash executable to crash (CVE-2012-3410). Additionally the official patches 011 to 037 for bash-4.2 has been applied which resolves other issues found, including the CVE-2012-3410 vulnerability.

Affected

bash on Mandriva Linux 2011.0

Severity

Classification

CVE CVE-2012-3410

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:122 (squirrelmail)
Mandrake Security Advisory MDVSA-2009:056 (net-snmp)
Mandrake Security Advisory MDVSA-2009:124-1 (apache)
Mandrake Security Advisory MDVSA-2009:046 (dia)
Mandrake Security Advisory MDVSA-2009:155 (git)

Mandriva Update for bash MDVSA-2012:128 (bash)

Take action and discover your vulnerabilities