Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2014:1295 - Security Advisory
Issued:
2014-09-24
Updated:
2014-09-24

RHSA-2014:1295 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Critical: bash Shift_JIS security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated bash Shift_JIS packages that fix one security issue are now
available for Red Hat Enterprise Linux 5 and 6.

Red Hat Product Security has rated this update as having Critical security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

The GNU Bourne Again shell (Bash) is a shell and command language
interpreter compatible with the Bourne shell (sh). Bash is the default
shell for Red Hat Enterprise Linux.

Shift_JIS, also known as "SJIS", is a character encoding for the Japanese
language. This package provides bash support for the Shift_JIS encoding.

A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override or
bypass environment restrictions to execute shell commands. Certain
services and applications allow remote unauthenticated attackers to
provide environment variables, allowing them to exploit this issue.
(CVE-2014-6271)

For additional information on the CVE-2014-6271 flaw, refer to the
Knowledgebase article at https://access.redhat.com/articles/1200223

Red Hat would like to thank Stephane Chazelas for reporting this issue.

All users who require Shift_JIS encoding support with Bash built-in
functions are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Affected Products

  • Red Hat S-JIS Support (for RHEL Server) 6 x86_64
  • Red Hat S-JIS Support (for RHEL Server) 6 i386
  • Red Hat S-JIS Support (for RHEL Server) 5 x86_64
  • Red Hat S-JIS Support (for RHEL Server) 5 ia64
  • Red Hat S-JIS Support (for RHEL Server) 5 i386

Fixes

  • BZ - 1141597 - CVE-2014-6271 bash: specially-crafted environment variables can be used to inject shell commands

CVEs

  • CVE-2014-6271

References

  • https://access.redhat.com/security/updates/classification/#critical
  • https://access.redhat.com/articles/1200223
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat S-JIS Support (for RHEL Server) 6

SRPM
bash-4.1.2-15.el6_5.1.sjis.1.src.rpm SHA-256: 013c424a37c75f93471ec86c8e14f103ae9da1b7ac2e34a0913f012b0532f1ee
x86_64
bash-4.1.2-15.el6_5.1.sjis.1.x86_64.rpm SHA-256: 85733a2b52456106d25e4cdfd2a76eeec2339e400d5f94d0105fe2821d874c12
bash-debuginfo-4.1.2-15.el6_5.1.sjis.1.x86_64.rpm SHA-256: 590a4ab0b902312df6f8b98a278732780d5ada846ae5e67795b1e968adf0659b
bash-doc-4.1.2-15.el6_5.1.sjis.1.x86_64.rpm SHA-256: fb564593d14b26668dd802a856dc80a41341b72d4b7a0b95221901423e1a31a7
i386
bash-4.1.2-15.el6_5.1.sjis.1.i686.rpm SHA-256: c8e3f3871202ee7dbf932771b1517a81462494a103f1e0d016cbce445ca20266
bash-debuginfo-4.1.2-15.el6_5.1.sjis.1.i686.rpm SHA-256: 2af744c54e9951cd19b8ff8ceb8aac2222378173c801700a3b381dd5d937fcaa
bash-doc-4.1.2-15.el6_5.1.sjis.1.i686.rpm SHA-256: f0597650a6056b4592dbdf3e122759651a4e02d9eeac72b11299706ef8c09792

Red Hat S-JIS Support (for RHEL Server) 5

SRPM
bash-3.2-33.el5_11.1.sjis.1.src.rpm SHA-256: e73b2394a61863d39e6fee9181d87c2f8673065e3c8d3a2b7b0f5093eaa97a9f
x86_64
bash-3.2-33.el5_11.1.sjis.1.x86_64.rpm SHA-256: 610b03375fae5931aa38b3f16ccd591c61186ceac05ebac7ae562bfd9ad65eed
bash-debuginfo-3.2-33.el5_11.1.sjis.1.x86_64.rpm SHA-256: e22c3cf8f3d5f063bb9ba204c1f91573f4434956640856225edb0365cd6ac6ed
ia64
bash-3.2-33.el5_11.1.sjis.1.i386.rpm SHA-256: 65d4d331d7231e85fc7d9899a63897e3e87899fed81de410440cf23dc477ae7f
bash-3.2-33.el5_11.1.sjis.1.ia64.rpm SHA-256: dc2f6368a202af4de60fc9b13ada35ef4cdce26602586fb0c76b8bf509180c2f
bash-debuginfo-3.2-33.el5_11.1.sjis.1.i386.rpm SHA-256: 4f5159e7d5a1794ee6927c54b6c0f3db1f553091a2383e36f31ec2c1d56e61d6
bash-debuginfo-3.2-33.el5_11.1.sjis.1.ia64.rpm SHA-256: cbbee113ed5294d371ee7351e9440fc046ba4bae7b925058b00caf31c3d87999
i386
bash-3.2-33.el5_11.1.sjis.1.i386.rpm SHA-256: 65d4d331d7231e85fc7d9899a63897e3e87899fed81de410440cf23dc477ae7f
bash-debuginfo-3.2-33.el5_11.1.sjis.1.i386.rpm SHA-256: 4f5159e7d5a1794ee6927c54b6c0f3db1f553091a2383e36f31ec2c1d56e61d6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter