Ubuntu Update For Bash USN-2363-2 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tavis Ormandy discovered that the security fix for Bash included in USN-2362-1 was incomplete. An attacker could use this issue to bypass certain environment restrictions. (CVE-2014-7169)

Affected

bash on Ubuntu 14.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-September/002679.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-7169

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for bind9 USN-1783-1
Ubuntu Update for ffmpeg USN-1706-1
Ubuntu Update for bash USN-2364-1
Ubuntu Update for curl vulnerability USN-484-1
Ubuntu Update for apt USN-2348-1

Ubuntu Update for bash USN-2363-2

Take action and discover your vulnerabilities