Red Hat Product Errata RHSA-2014:1294 - Security Advisory

Issued:: 2014-09-24
Updated:: 2014-09-24

RHSA-2014:1294 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: bash security update

Type/Severity

Security Advisory: Critical

Topic

Updated bash packages that fix one security issue are now available for Red
Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise
Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support,
Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat
Enterprise Linux 6.4 Extended Update Support.

Red Hat Product Security has rated this update as having Critical security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

The GNU Bourne Again shell (Bash) is a shell and command language
interpreter compatible with the Bourne shell (sh). Bash is the default
shell for Red Hat Enterprise Linux.

A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override or
bypass environment restrictions to execute shell commands. Certain
services and applications allow remote unauthenticated attackers to
provide environment variables, allowing them to exploit this issue.
(CVE-2014-6271)

For additional information on the CVE-2014-6271 flaw, refer to the
Knowledgebase article at https://access.redhat.com/articles/1200223

Red Hat would like to thank Stephane Chazelas for reporting this issue.

All bash users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.4 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.4 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.9 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.9 i386
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.4 x86_64
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.4 i386
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.9 x86_64
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.9 i386
Red Hat Gluster Storage Server for On-premise 2.1 x86_64
Red Hat Storage for Public Cloud (via RHUI) 2.1 x86_64
Red Hat Enterprise Linux Server - AUS 6.4 x86_64
Red Hat Enterprise Linux Server - AUS 6.2 x86_64
Red Hat Enterprise Linux Server - AUS 5.9 x86_64
Red Hat Enterprise Linux Server - AUS 5.9 ia64
Red Hat Enterprise Linux Server - AUS 5.9 i386
Red Hat Enterprise Linux Server - AUS 5.6 x86_64
Red Hat Enterprise Linux Server - AUS 5.6 ia64
Red Hat Enterprise Linux Server - AUS 5.6 i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support 4 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support 4 ia64
Red Hat Enterprise Linux Server - Extended Life Cycle Support 4 i386
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.4 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.9 s390x
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.4 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.9 ppc
Red Hat Enterprise Linux EUS Compute Node 6.4 x86_64

Fixes

BZ - 1141597 - CVE-2014-6271 bash: specially-crafted environment variables can be used to inject shell commands

CVEs

CVE-2014-6271

References

https://access.redhat.com/security/updates/classification/#critical

https://access.redhat.com/articles/1200223

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.4

SRPM
bash-4.1.2-15.el6_4.1.src.rpm	SHA-256: f36913f96ac8feced1d5583818e953607177287f639798da033b5709d4d814b7
x86_64
bash-4.1.2-15.el6_4.1.x86_64.rpm	SHA-256: a5eeb15d911ffea3eec36569ab260e74a34b9c1b53e41fdddebb7d2aa538a3be
bash-debuginfo-4.1.2-15.el6_4.1.x86_64.rpm	SHA-256: 45a4dad9016ba0ca01dde6039651a6dd67a649463247102de8f37bfaccef0e20
bash-debuginfo-4.1.2-15.el6_4.1.x86_64.rpm	SHA-256: 45a4dad9016ba0ca01dde6039651a6dd67a649463247102de8f37bfaccef0e20
bash-doc-4.1.2-15.el6_4.1.x86_64.rpm	SHA-256: 5caea45de01c9d87274bba825e8637ae5605169e0f376e2ca7236c2866e274ac
i386
bash-4.1.2-15.el6_4.1.i686.rpm	SHA-256: fee27cdafd664504c36c13ce752d9893eb987e9b16b6705ddd64849ae899d9b8
bash-debuginfo-4.1.2-15.el6_4.1.i686.rpm	SHA-256: e5d67ab0a4d863ecb4ba015d0e1152eb61dbe7082e3bcb757548f1564210ca50
bash-debuginfo-4.1.2-15.el6_4.1.i686.rpm	SHA-256: e5d67ab0a4d863ecb4ba015d0e1152eb61dbe7082e3bcb757548f1564210ca50
bash-doc-4.1.2-15.el6_4.1.i686.rpm	SHA-256: f843dbe375c7d0afce2e0d689c38e38465ac709fe254520d29a4113aefa03205

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.9

SRPM
bash-3.2-32.el5_9.2.src.rpm	SHA-256: 8b4359d4050424fe967c17455f4434488a1122531e2c909ae4f61a96bc7fca38
x86_64
bash-3.2-32.el5_9.2.x86_64.rpm	SHA-256: 8a7bc45406007938a390399ce3ec8a9244814eabc04e9ff8dc21a37b66f6bffb
bash-debuginfo-3.2-32.el5_9.2.x86_64.rpm	SHA-256: f27907cf3708f48ae92f77cc38711c7f2335d719c9c3ebf550046f769cd66b8f
ia64
bash-3.2-32.el5_9.2.i386.rpm	SHA-256: f85cff9bd9b3dc0665bd3b3d298ab1877cab135e6f20d29e094cec2b0c8b0f5a
bash-3.2-32.el5_9.2.ia64.rpm	SHA-256: 4637dde859e70feae066fd7ee578fd496e1d3378a5e84c11caafa52884095b95
bash-debuginfo-3.2-32.el5_9.2.i386.rpm	SHA-256: a324305ceb3015712d67c9bb6e3a3b8cf90a4f1b445c494691d6b15f0f485fc5
bash-debuginfo-3.2-32.el5_9.2.ia64.rpm	SHA-256: 75189926eb4077ac6fef9a8c14bd797b0c1df8ea5dde55d3eaef343bb2133e83
i386
bash-3.2-32.el5_9.2.i386.rpm	SHA-256: f85cff9bd9b3dc0665bd3b3d298ab1877cab135e6f20d29e094cec2b0c8b0f5a
bash-debuginfo-3.2-32.el5_9.2.i386.rpm	SHA-256: a324305ceb3015712d67c9bb6e3a3b8cf90a4f1b445c494691d6b15f0f485fc5

Red Hat Gluster Storage Server for On-premise 2.1

SRPM
bash-4.1.2-15.el6_4.1.src.rpm	SHA-256: f36913f96ac8feced1d5583818e953607177287f639798da033b5709d4d814b7
x86_64
bash-4.1.2-15.el6_4.1.x86_64.rpm	SHA-256: a5eeb15d911ffea3eec36569ab260e74a34b9c1b53e41fdddebb7d2aa538a3be
bash-debuginfo-4.1.2-15.el6_4.1.x86_64.rpm	SHA-256: 45a4dad9016ba0ca01dde6039651a6dd67a649463247102de8f37bfaccef0e20

Red Hat Storage for Public Cloud (via RHUI) 2.1

SRPM
bash-4.1.2-15.el6_4.1.src.rpm	SHA-256: f36913f96ac8feced1d5583818e953607177287f639798da033b5709d4d814b7
x86_64
bash-4.1.2-15.el6_4.1.x86_64.rpm	SHA-256: a5eeb15d911ffea3eec36569ab260e74a34b9c1b53e41fdddebb7d2aa538a3be
bash-debuginfo-4.1.2-15.el6_4.1.x86_64.rpm	SHA-256: 45a4dad9016ba0ca01dde6039651a6dd67a649463247102de8f37bfaccef0e20

Red Hat Enterprise Linux Server - AUS 6.4

SRPM
bash-4.1.2-15.el6_4.1.src.rpm	SHA-256: f36913f96ac8feced1d5583818e953607177287f639798da033b5709d4d814b7
x86_64
bash-4.1.2-15.el6_4.1.x86_64.rpm	SHA-256: a5eeb15d911ffea3eec36569ab260e74a34b9c1b53e41fdddebb7d2aa538a3be
bash-debuginfo-4.1.2-15.el6_4.1.x86_64.rpm	SHA-256: 45a4dad9016ba0ca01dde6039651a6dd67a649463247102de8f37bfaccef0e20
bash-debuginfo-4.1.2-15.el6_4.1.x86_64.rpm	SHA-256: 45a4dad9016ba0ca01dde6039651a6dd67a649463247102de8f37bfaccef0e20
bash-doc-4.1.2-15.el6_4.1.x86_64.rpm	SHA-256: 5caea45de01c9d87274bba825e8637ae5605169e0f376e2ca7236c2866e274ac

Red Hat Enterprise Linux Server - AUS 6.2

SRPM
bash-4.1.2-9.el6_2.1.src.rpm	SHA-256: 6090ac4a03c5a01fe8a4202db69367312789ab8f91351a01acdf1e1b2b1efb9d
x86_64
bash-4.1.2-9.el6_2.1.x86_64.rpm	SHA-256: 322e5fe859661034fae06051e4e0aedb72f1b2ba4c555a9d70e19f3c48e2c67f
bash-debuginfo-4.1.2-9.el6_2.1.x86_64.rpm	SHA-256: dc16b43a27ec4efa5a217be2ea89496bfe62246b02f8c5d9c0e216f6bdca7f89
bash-debuginfo-4.1.2-9.el6_2.1.x86_64.rpm	SHA-256: dc16b43a27ec4efa5a217be2ea89496bfe62246b02f8c5d9c0e216f6bdca7f89
bash-doc-4.1.2-9.el6_2.1.x86_64.rpm	SHA-256: 9c2c3eb9e77c84d62ea9c28487316b0d326d61bb5278ec7dd84220a522c046aa

Red Hat Enterprise Linux Server - AUS 5.9

SRPM
bash-3.2-32.el5_9.2.src.rpm	SHA-256: 8b4359d4050424fe967c17455f4434488a1122531e2c909ae4f61a96bc7fca38
x86_64
bash-3.2-32.el5_9.2.x86_64.rpm	SHA-256: 8a7bc45406007938a390399ce3ec8a9244814eabc04e9ff8dc21a37b66f6bffb
bash-debuginfo-3.2-32.el5_9.2.x86_64.rpm	SHA-256: f27907cf3708f48ae92f77cc38711c7f2335d719c9c3ebf550046f769cd66b8f
ia64
bash-3.2-32.el5_9.2.i386.rpm	SHA-256: f85cff9bd9b3dc0665bd3b3d298ab1877cab135e6f20d29e094cec2b0c8b0f5a
bash-3.2-32.el5_9.2.ia64.rpm	SHA-256: 4637dde859e70feae066fd7ee578fd496e1d3378a5e84c11caafa52884095b95
bash-debuginfo-3.2-32.el5_9.2.i386.rpm	SHA-256: a324305ceb3015712d67c9bb6e3a3b8cf90a4f1b445c494691d6b15f0f485fc5
bash-debuginfo-3.2-32.el5_9.2.ia64.rpm	SHA-256: 75189926eb4077ac6fef9a8c14bd797b0c1df8ea5dde55d3eaef343bb2133e83
i386
bash-3.2-32.el5_9.2.i386.rpm	SHA-256: f85cff9bd9b3dc0665bd3b3d298ab1877cab135e6f20d29e094cec2b0c8b0f5a
bash-debuginfo-3.2-32.el5_9.2.i386.rpm	SHA-256: a324305ceb3015712d67c9bb6e3a3b8cf90a4f1b445c494691d6b15f0f485fc5

Red Hat Enterprise Linux Server - AUS 5.6

SRPM
bash-3.2-24.el5_6.1.src.rpm	SHA-256: 35d6252f1b01db8d330591d5be2ae41ad6bbdc71939509e68c8fa717f36ed6ca
x86_64
bash-3.2-24.el5_6.1.x86_64.rpm	SHA-256: f83f3724931258bb01e704e3c696b3731e9cb2577f1d691ffc1b66097b8db854
bash-debuginfo-3.2-24.el5_6.1.x86_64.rpm	SHA-256: 68d0b0f7c833a7f6aa90f6fb6b6e69d68a853945da2ce595737870b40bf7a527
ia64
bash-3.2-24.el5_6.1.i386.rpm	SHA-256: e3264238ad7effececabee181433b599941e5c7a1e33a315b0a8b664f6d5e725
bash-3.2-24.el5_6.1.ia64.rpm	SHA-256: a2a1beb99735263c01e744a95a19c46ff1b9fc0481f11d7f7ca462d8c1221ebd
bash-debuginfo-3.2-24.el5_6.1.i386.rpm	SHA-256: 73ea4005c82744684392e35db2d96fd0505cdcc7769e4eb82708880db0b74e1a
bash-debuginfo-3.2-24.el5_6.1.ia64.rpm	SHA-256: 57db77022719dbc2462c50d7643d3bdd8c1bfed4ed053b0fd011a006e7af5d95
i386
bash-3.2-24.el5_6.1.i386.rpm	SHA-256: e3264238ad7effececabee181433b599941e5c7a1e33a315b0a8b664f6d5e725
bash-debuginfo-3.2-24.el5_6.1.i386.rpm	SHA-256: 73ea4005c82744684392e35db2d96fd0505cdcc7769e4eb82708880db0b74e1a

Red Hat Enterprise Linux Server - Extended Life Cycle Support 4

SRPM
bash-3.0-27.el4.2.src.rpm	SHA-256: ddfa1244deb1d1a7ae90d83ceec291abdbe83f218c0266fabc96b15cc7fa6c2a
x86_64
bash-3.0-27.el4.2.x86_64.rpm	SHA-256: b5c788167f3fa5fabf9e0efcdb78a391a670b0026ce11ba657ac87a679084a86
bash-3.0-27.el4.2.x86_64.rpm	SHA-256: b5c788167f3fa5fabf9e0efcdb78a391a670b0026ce11ba657ac87a679084a86
ia64
bash-3.0-27.el4.2.i386.rpm	SHA-256: 4e9525774fcdd451d71c1940a2276e23ec98b0617a813e1e80ef8de9784d22ad
bash-3.0-27.el4.2.ia64.rpm	SHA-256: 85aa44707853f5881330b8baf4ddf537a9eea5a323b4bf46238c697d82db82de
i386
bash-3.0-27.el4.2.i386.rpm	SHA-256: 4e9525774fcdd451d71c1940a2276e23ec98b0617a813e1e80ef8de9784d22ad
bash-3.0-27.el4.2.i386.rpm	SHA-256: 4e9525774fcdd451d71c1940a2276e23ec98b0617a813e1e80ef8de9784d22ad

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.4

SRPM
bash-4.1.2-15.el6_4.1.src.rpm	SHA-256: f36913f96ac8feced1d5583818e953607177287f639798da033b5709d4d814b7
s390x
bash-4.1.2-15.el6_4.1.s390x.rpm	SHA-256: 4a2c86cd2df099bf887a1f6a599633228fa00c6ae2e9971c0f6055d72a80f1ad
bash-debuginfo-4.1.2-15.el6_4.1.s390x.rpm	SHA-256: d4fc1f76ee1764880e09b2b7e0bd7e325058ca2e7d213da9ae7ea147716f5cc7
bash-debuginfo-4.1.2-15.el6_4.1.s390x.rpm	SHA-256: d4fc1f76ee1764880e09b2b7e0bd7e325058ca2e7d213da9ae7ea147716f5cc7
bash-doc-4.1.2-15.el6_4.1.s390x.rpm	SHA-256: 53ed241961a634ff3e7fc39bd1f7877480e3d2deca4ed8957a661c828159f1a8

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.9

SRPM
bash-3.2-32.el5_9.2.src.rpm	SHA-256: 8b4359d4050424fe967c17455f4434488a1122531e2c909ae4f61a96bc7fca38
s390x
bash-3.2-32.el5_9.2.s390x.rpm	SHA-256: 548b97e62a6cdf8ac2094f1d6d23070c8868242ee6a4bc9e1c08334de643748a
bash-debuginfo-3.2-32.el5_9.2.s390x.rpm	SHA-256: 696f50eb41bafd82d14395186748e3f3ac9a5d74fc52081118e20314cc37701b

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.4

SRPM
bash-4.1.2-15.el6_4.1.src.rpm	SHA-256: f36913f96ac8feced1d5583818e953607177287f639798da033b5709d4d814b7
ppc64
bash-4.1.2-15.el6_4.1.ppc64.rpm	SHA-256: d89519c8cf33c425d45fccd019d8afccd5c600f197d55ef91431de24975e807a
bash-debuginfo-4.1.2-15.el6_4.1.ppc64.rpm	SHA-256: 9a000c48a2965d334b13419de5cae361d15d13ced0d939c946eebd3fc9bee70f
bash-debuginfo-4.1.2-15.el6_4.1.ppc64.rpm	SHA-256: 9a000c48a2965d334b13419de5cae361d15d13ced0d939c946eebd3fc9bee70f
bash-doc-4.1.2-15.el6_4.1.ppc64.rpm	SHA-256: f1ae58da6cc551644f76fe124b91c4eaf9abdff67eb3ea46de4ae0db3dbbdfec

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.9

SRPM
bash-3.2-32.el5_9.2.src.rpm	SHA-256: 8b4359d4050424fe967c17455f4434488a1122531e2c909ae4f61a96bc7fca38
ppc
bash-3.2-32.el5_9.2.ppc.rpm	SHA-256: d7a436d1fdbc68de6adb09bf242c9ad9829bfdbfa382c9a09d7e4fc5281f93cf
bash-debuginfo-3.2-32.el5_9.2.ppc.rpm	SHA-256: 6a5d6e573da12dac02f55d1bd1f550769a3570b29d6455409f1dc339dbb676fe

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.4

SRPM
bash-4.1.2-15.el6_4.1.src.rpm	SHA-256: f36913f96ac8feced1d5583818e953607177287f639798da033b5709d4d814b7
x86_64
bash-4.1.2-15.el6_4.1.x86_64.rpm	SHA-256: a5eeb15d911ffea3eec36569ab260e74a34b9c1b53e41fdddebb7d2aa538a3be
bash-debuginfo-4.1.2-15.el6_4.1.x86_64.rpm	SHA-256: 45a4dad9016ba0ca01dde6039651a6dd67a649463247102de8f37bfaccef0e20
i386
bash-4.1.2-15.el6_4.1.i686.rpm	SHA-256: fee27cdafd664504c36c13ce752d9893eb987e9b16b6705ddd64849ae899d9b8
bash-debuginfo-4.1.2-15.el6_4.1.i686.rpm	SHA-256: e5d67ab0a4d863ecb4ba015d0e1152eb61dbe7082e3bcb757548f1564210ca50

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.9

SRPM
bash-3.2-32.el5_9.2.src.rpm	SHA-256: 8b4359d4050424fe967c17455f4434488a1122531e2c909ae4f61a96bc7fca38
x86_64
bash-3.2-32.el5_9.2.x86_64.rpm	SHA-256: 8a7bc45406007938a390399ce3ec8a9244814eabc04e9ff8dc21a37b66f6bffb
bash-debuginfo-3.2-32.el5_9.2.x86_64.rpm	SHA-256: f27907cf3708f48ae92f77cc38711c7f2335d719c9c3ebf550046f769cd66b8f
i386
bash-3.2-32.el5_9.2.i386.rpm	SHA-256: f85cff9bd9b3dc0665bd3b3d298ab1877cab135e6f20d29e094cec2b0c8b0f5a
bash-debuginfo-3.2-32.el5_9.2.i386.rpm	SHA-256: a324305ceb3015712d67c9bb6e3a3b8cf90a4f1b445c494691d6b15f0f485fc5

Red Hat Enterprise Linux EUS Compute Node 6.4

SRPM
bash-4.1.2-15.el6_4.1.src.rpm	SHA-256: f36913f96ac8feced1d5583818e953607177287f639798da033b5709d4d814b7
x86_64
bash-4.1.2-15.el6_4.1.x86_64.rpm	SHA-256: a5eeb15d911ffea3eec36569ab260e74a34b9c1b53e41fdddebb7d2aa538a3be
bash-debuginfo-4.1.2-15.el6_4.1.x86_64.rpm	SHA-256: 45a4dad9016ba0ca01dde6039651a6dd67a649463247102de8f37bfaccef0e20
bash-debuginfo-4.1.2-15.el6_4.1.x86_64.rpm	SHA-256: 45a4dad9016ba0ca01dde6039651a6dd67a649463247102de8f37bfaccef0e20
bash-doc-4.1.2-15.el6_4.1.x86_64.rpm	SHA-256: 5caea45de01c9d87274bba825e8637ae5605169e0f376e2ca7236c2866e274ac

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.