Solution
Please Install the Updated Packages.
Insight
Florian Weimer and Todd Sabin discovered that the Bash parser incorrectly handled memory. An attacker could possibly use this issue to bypass certain environment restrictions and execute arbitrary code. (CVE-2014-7186, CVE-2014-7187)
In addition, this update introduces a hardening measure which adds prefixes and suffixes around environment variable names which contain shell functions.
Affected
bash on Ubuntu 14.04 LTS ,
Ubuntu 12.04 LTS ,
Ubuntu 10.04 LTS
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-7186, CVE-2014-7187 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities