| Description: | The GNU Bourne Again shell (Bash) is a shell and command languageinterpreter compatible with the Bourne shell (sh). Bash is the defaultshell for Red Hat Enterprise Linux.A flaw was found in the way Bash evaluated certain specially craftedenvironment variables. An attacker could use this flaw to override orbypass environment restrictions to execute shell commands. Certainservices and applications allow remote unauthenticated attackers toprovide environment variables, allowing them to exploit this issue.(CVE-2014-6271)For additional information on the CVE-2014-6271 flaw, refer to theKnowledgebase article at https://access.redhat.com/articles/1200223Red Hat would like to thank Stephane Chazelas for reporting this issue.All bash users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue. |