OVAL Reference oval:org.mitre.oval:def:26665

CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment (CVE-2014-7169). With this update prefix and suffix for environment variable names which contain shell functions are added as hardening measure."> OVAL Reference oval:org.mitre.oval:def:26665 - CERT Civis.Net

Oval Definition:

oval:org.mitre.oval:def:26665

Revision Date:	2014-11-10	Version:	4
Title:	DSA-3035-1 bash - security update
Description:	Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment (CVE-2014-7169). With this update prefix and suffix for environment variable names which contain shell functions are added as hardening measure.
Family:	unix	Class:	patch
Status:	ACCEPTED	Reference(s):	CVE-2014-6271 CVE-2014-7169 DSA-3035-1
Platform(s):	Debian GNU/kFreeBSD 7.0 Debian GNU/Linux 7.0	Product(s):	bash
Definition Synopsis
Debian 7 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed OR Debian GNU/kFreeBSD is installed AND bash DPKG is earlier than 0:4.2+dfsg-0.1+deb7u3

BACK