Security Advisory Critical: bash security update

Advisory: RHSA-2014:1294-1
Type: Security Advisory
Severity: Critical
Issued on: 2014-09-24
Last updated on: 2014-09-24
Affected Products: Red Hat Enterprise Linux ELS (v. 4)
Red Hat Enterprise Linux EUS (v. 5.9.z server)
Red Hat Enterprise Linux Long Life (v. 5.6 server)
Red Hat Enterprise Linux Long Life (v. 5.9 server)
Red Hat Enterprise Linux Server AUS (v. 6.2)
Red Hat Enterprise Linux Server AUS (v. 6.4)
Red Hat Enterprise Linux Server EUS (v. 6.4.z)
CVEs (cve.mitre.org): CVE-2014-6271

Details

Updated bash packages that fix one security issue are now available for Red
Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise
Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support,
Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat
Enterprise Linux 6.4 Extended Update Support.

Red Hat Product Security has rated this update as having Critical security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

The GNU Bourne Again shell (Bash) is a shell and command language
interpreter compatible with the Bourne shell (sh). Bash is the default
shell for Red Hat Enterprise Linux.

A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override or
bypass environment restrictions to execute shell commands. Certain
services and applications allow remote unauthenticated attackers to
provide environment variables, allowing them to exploit this issue.
(CVE-2014-6271)

For additional information on the CVE-2014-6271 flaw, refer to the
Knowledgebase article at https://access.redhat.com/articles/1200223

Red Hat would like to thank Stephane Chazelas for reporting this issue.

All bash users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Updated packages

Red Hat Enterprise Linux ELS (v. 4)

SRPMS:
bash-3.0-27.el4.2.src.rpm
File outdated by:  RHSA-2014:1311
    MD5: 46513142d0bcec11c7e1b66b16368ae1
SHA-256: ddfa1244deb1d1a7ae90d83ceec291abdbe83f218c0266fabc96b15cc7fa6c2a
 
IA-32:
bash-3.0-27.el4.2.i386.rpm
File outdated by:  RHSA-2014:1311
    MD5: 44a88cb076d84c1639cdbc5598d1ffa2
SHA-256: 4e9525774fcdd451d71c1940a2276e23ec98b0617a813e1e80ef8de9784d22ad
 
IA-64:
bash-3.0-27.el4.2.i386.rpm
File outdated by:  RHSA-2014:1311
    MD5: 44a88cb076d84c1639cdbc5598d1ffa2
SHA-256: 4e9525774fcdd451d71c1940a2276e23ec98b0617a813e1e80ef8de9784d22ad
bash-3.0-27.el4.2.ia64.rpm
File outdated by:  RHSA-2014:1311
    MD5: a7f73c3ebac478456cecb0641bb31838
SHA-256: 85aa44707853f5881330b8baf4ddf537a9eea5a323b4bf46238c697d82db82de
 
x86_64:
bash-3.0-27.el4.2.x86_64.rpm
File outdated by:  RHSA-2014:1311
    MD5: 9e6774098a4d6fe7b389170b45be828e
SHA-256: b5c788167f3fa5fabf9e0efcdb78a391a670b0026ce11ba657ac87a679084a86
 
Red Hat Enterprise Linux EUS (v. 5.9.z server)

SRPMS:
bash-3.2-32.el5_9.2.src.rpm
File outdated by:  RHSA-2014:1311
    MD5: 91f49bcf5c9b2446d0591848bb7730bd
SHA-256: 8b4359d4050424fe967c17455f4434488a1122531e2c909ae4f61a96bc7fca38
 
IA-32:
bash-3.2-32.el5_9.2.i386.rpm
File outdated by:  RHSA-2014:1311
    MD5: f0a1e58eda0b90a6bb470b93171636ff
SHA-256: f85cff9bd9b3dc0665bd3b3d298ab1877cab135e6f20d29e094cec2b0c8b0f5a
bash-debuginfo-3.2-32.el5_9.2.i386.rpm
File outdated by:  RHSA-2014:1311
    MD5: 0067d14d017c63655805b8ff58792563
SHA-256: a324305ceb3015712d67c9bb6e3a3b8cf90a4f1b445c494691d6b15f0f485fc5
 
IA-64:
bash-3.2-32.el5_9.2.i386.rpm
File outdated by:  RHSA-2014:1311
    MD5: f0a1e58eda0b90a6bb470b93171636ff
SHA-256: f85cff9bd9b3dc0665bd3b3d298ab1877cab135e6f20d29e094cec2b0c8b0f5a
bash-3.2-32.el5_9.2.ia64.rpm
File outdated by:  RHSA-2014:1311
    MD5: 476f9191b9a1bf27969f04e1194e4658
SHA-256: 4637dde859e70feae066fd7ee578fd496e1d3378a5e84c11caafa52884095b95
bash-debuginfo-3.2-32.el5_9.2.i386.rpm
File outdated by:  RHSA-2014:1311
    MD5: 0067d14d017c63655805b8ff58792563
SHA-256: a324305ceb3015712d67c9bb6e3a3b8cf90a4f1b445c494691d6b15f0f485fc5
bash-debuginfo-3.2-32.el5_9.2.ia64.rpm
File outdated by:  RHSA-2014:1311
    MD5: 653aed4c04b0e40a0135365f1ebe4936
SHA-256: 75189926eb4077ac6fef9a8c14bd797b0c1df8ea5dde55d3eaef343bb2133e83
 
PPC:
bash-3.2-32.el5_9.2.ppc.rpm
File outdated by:  RHSA-2014:1311
    MD5: b2fc481289790fecd97d60ae736a5138
SHA-256: d7a436d1fdbc68de6adb09bf242c9ad9829bfdbfa382c9a09d7e4fc5281f93cf
bash-debuginfo-3.2-32.el5_9.2.ppc.rpm
File outdated by:  RHSA-2014:1311
    MD5: 7a27cde2dc4f35f1d3786a70b6146416
SHA-256: 6a5d6e573da12dac02f55d1bd1f550769a3570b29d6455409f1dc339dbb676fe
 
s390x:
bash-3.2-32.el5_9.2.s390x.rpm
File outdated by:  RHSA-2014:1311
    MD5: ab46a3621a8b726d43a55d7b814652ab
SHA-256: 548b97e62a6cdf8ac2094f1d6d23070c8868242ee6a4bc9e1c08334de643748a
bash-debuginfo-3.2-32.el5_9.2.s390x.rpm
File outdated by:  RHSA-2014:1311
    MD5: 4562850755ede5f685397b7ac5ec36bb
SHA-256: 696f50eb41bafd82d14395186748e3f3ac9a5d74fc52081118e20314cc37701b
 
x86_64:
bash-3.2-32.el5_9.2.x86_64.rpm
File outdated by:  RHSA-2014:1311
    MD5: 3adf3d9675dabede987d59e633d922ed
SHA-256: 8a7bc45406007938a390399ce3ec8a9244814eabc04e9ff8dc21a37b66f6bffb
bash-debuginfo-3.2-32.el5_9.2.x86_64.rpm
File outdated by:  RHSA-2014:1311
    MD5: 6a2b084fdd5d04edaf2a099011a10d33
SHA-256: f27907cf3708f48ae92f77cc38711c7f2335d719c9c3ebf550046f769cd66b8f
 
Red Hat Enterprise Linux Long Life (v. 5.6 server)

SRPMS:
bash-3.2-24.el5_6.1.src.rpm
File outdated by:  RHSA-2014:1311
    MD5: 00d1bf030a43ee2d25619bb6fcd2b527
SHA-256: 35d6252f1b01db8d330591d5be2ae41ad6bbdc71939509e68c8fa717f36ed6ca
 
IA-32:
bash-3.2-24.el5_6.1.i386.rpm
File outdated by:  RHSA-2014:1311
    MD5: f1e61f3eb2918733ee418fe08eedf4cc
SHA-256: e3264238ad7effececabee181433b599941e5c7a1e33a315b0a8b664f6d5e725
bash-debuginfo-3.2-24.el5_6.1.i386.rpm
File outdated by:  RHSA-2014:1311
    MD5: 717dbef51bd199fa9642d8caed3a5338
SHA-256: 73ea4005c82744684392e35db2d96fd0505cdcc7769e4eb82708880db0b74e1a
 
IA-64:
bash-3.2-24.el5_6.1.i386.rpm
File outdated by:  RHSA-2014:1311
    MD5: f1e61f3eb2918733ee418fe08eedf4cc
SHA-256: e3264238ad7effececabee181433b599941e5c7a1e33a315b0a8b664f6d5e725
bash-3.2-24.el5_6.1.ia64.rpm
File outdated by:  RHSA-2014:1311
    MD5: ee5764456404f2bac2751e4aa812aa2b
SHA-256: a2a1beb99735263c01e744a95a19c46ff1b9fc0481f11d7f7ca462d8c1221ebd
bash-debuginfo-3.2-24.el5_6.1.i386.rpm
File outdated by:  RHSA-2014:1311
    MD5: 717dbef51bd199fa9642d8caed3a5338
SHA-256: 73ea4005c82744684392e35db2d96fd0505cdcc7769e4eb82708880db0b74e1a
bash-debuginfo-3.2-24.el5_6.1.ia64.rpm
File outdated by:  RHSA-2014:1311
    MD5: 984089a0ce85e1e072773f66ada20af4
SHA-256: 57db77022719dbc2462c50d7643d3bdd8c1bfed4ed053b0fd011a006e7af5d95
 
x86_64:
bash-3.2-24.el5_6.1.x86_64.rpm
File outdated by:  RHSA-2014:1311
    MD5: 78198169084d0e3a44cc80e6bca84d4e
SHA-256: f83f3724931258bb01e704e3c696b3731e9cb2577f1d691ffc1b66097b8db854
bash-debuginfo-3.2-24.el5_6.1.x86_64.rpm
File outdated by:  RHSA-2014:1311
    MD5: 63cdfc99d680236569506b64d5d01298
SHA-256: 68d0b0f7c833a7f6aa90f6fb6b6e69d68a853945da2ce595737870b40bf7a527
 
Red Hat Enterprise Linux Long Life (v. 5.9 server)

SRPMS:
bash-3.2-32.el5_9.2.src.rpm
File outdated by:  RHSA-2014:1311
    MD5: 91f49bcf5c9b2446d0591848bb7730bd
SHA-256: 8b4359d4050424fe967c17455f4434488a1122531e2c909ae4f61a96bc7fca38
 
IA-32:
bash-3.2-32.el5_9.2.i386.rpm
File outdated by:  RHSA-2014:1311
    MD5: f0a1e58eda0b90a6bb470b93171636ff
SHA-256: f85cff9bd9b3dc0665bd3b3d298ab1877cab135e6f20d29e094cec2b0c8b0f5a
bash-debuginfo-3.2-32.el5_9.2.i386.rpm
File outdated by:  RHSA-2014:1311
    MD5: 0067d14d017c63655805b8ff58792563
SHA-256: a324305ceb3015712d67c9bb6e3a3b8cf90a4f1b445c494691d6b15f0f485fc5
 
IA-64:
bash-3.2-32.el5_9.2.i386.rpm
File outdated by:  RHSA-2014:1311
    MD5: f0a1e58eda0b90a6bb470b93171636ff
SHA-256: f85cff9bd9b3dc0665bd3b3d298ab1877cab135e6f20d29e094cec2b0c8b0f5a
bash-3.2-32.el5_9.2.ia64.rpm
File outdated by:  RHSA-2014:1311
    MD5: 476f9191b9a1bf27969f04e1194e4658
SHA-256: 4637dde859e70feae066fd7ee578fd496e1d3378a5e84c11caafa52884095b95
bash-debuginfo-3.2-32.el5_9.2.i386.rpm
File outdated by:  RHSA-2014:1311
    MD5: 0067d14d017c63655805b8ff58792563
SHA-256: a324305ceb3015712d67c9bb6e3a3b8cf90a4f1b445c494691d6b15f0f485fc5
bash-debuginfo-3.2-32.el5_9.2.ia64.rpm
File outdated by:  RHSA-2014:1311
    MD5: 653aed4c04b0e40a0135365f1ebe4936
SHA-256: 75189926eb4077ac6fef9a8c14bd797b0c1df8ea5dde55d3eaef343bb2133e83
 
x86_64:
bash-3.2-32.el5_9.2.x86_64.rpm
File outdated by:  RHSA-2014:1311
    MD5: 3adf3d9675dabede987d59e633d922ed
SHA-256: 8a7bc45406007938a390399ce3ec8a9244814eabc04e9ff8dc21a37b66f6bffb
bash-debuginfo-3.2-32.el5_9.2.x86_64.rpm
File outdated by:  RHSA-2014:1311
    MD5: 6a2b084fdd5d04edaf2a099011a10d33
SHA-256: f27907cf3708f48ae92f77cc38711c7f2335d719c9c3ebf550046f769cd66b8f
 
Red Hat Enterprise Linux Server AUS (v. 6.2)

SRPMS:
bash-4.1.2-9.el6_2.1.src.rpm
File outdated by:  RHBA-2016:0606
    MD5: a53b3946a8a3aeec8f7ad1ec4c29033f
SHA-256: 6090ac4a03c5a01fe8a4202db69367312789ab8f91351a01acdf1e1b2b1efb9d
 
x86_64:
bash-4.1.2-9.el6_2.1.x86_64.rpm
File outdated by:  RHBA-2016:0606
    MD5: 0ec1a23c3b9656f05aaa996c8a64c62a
SHA-256: 322e5fe859661034fae06051e4e0aedb72f1b2ba4c555a9d70e19f3c48e2c67f
bash-debuginfo-4.1.2-9.el6_2.1.x86_64.rpm
File outdated by:  RHBA-2016:0606
    MD5: 003b7b678a79320f9eb66ff59969c088
SHA-256: dc16b43a27ec4efa5a217be2ea89496bfe62246b02f8c5d9c0e216f6bdca7f89
bash-doc-4.1.2-9.el6_2.1.x86_64.rpm
File outdated by:  RHBA-2016:0606
    MD5: 4b7834fc2c19b0010c62a3c70edda69a
SHA-256: 9c2c3eb9e77c84d62ea9c28487316b0d326d61bb5278ec7dd84220a522c046aa
 
Red Hat Enterprise Linux Server AUS (v. 6.4)

SRPMS:
bash-4.1.2-15.el6_4.1.src.rpm
File outdated by:  RHSA-2014:1311
    MD5: 6a9a43ea30ea878f34829f77617e6bcf
SHA-256: f36913f96ac8feced1d5583818e953607177287f639798da033b5709d4d814b7
 
x86_64:
bash-4.1.2-15.el6_4.1.x86_64.rpm
File outdated by:  RHBA-2016:0607
    MD5: 2203a61b70470c0d769554f6bb1d5595
SHA-256: a5eeb15d911ffea3eec36569ab260e74a34b9c1b53e41fdddebb7d2aa538a3be
bash-debuginfo-4.1.2-15.el6_4.1.x86_64.rpm
File outdated by:  RHBA-2016:0607
    MD5: cdbc91c3364e6a7b452fcb9cdb5927aa
SHA-256: 45a4dad9016ba0ca01dde6039651a6dd67a649463247102de8f37bfaccef0e20
bash-doc-4.1.2-15.el6_4.1.x86_64.rpm
File outdated by:  RHBA-2016:0607
    MD5: 6575e7208030b9e516f781494378cfc0
SHA-256: 5caea45de01c9d87274bba825e8637ae5605169e0f376e2ca7236c2866e274ac
 
Red Hat Enterprise Linux Server EUS (v. 6.4.z)

SRPMS:
bash-4.1.2-15.el6_4.1.src.rpm
File outdated by:  RHSA-2014:1311
    MD5: 6a9a43ea30ea878f34829f77617e6bcf
SHA-256: f36913f96ac8feced1d5583818e953607177287f639798da033b5709d4d814b7
 
IA-32:
bash-4.1.2-15.el6_4.1.i686.rpm
File outdated by:  RHSA-2014:1311
    MD5: e20adee273c65d2e6bde6b762ffbb4c3
SHA-256: fee27cdafd664504c36c13ce752d9893eb987e9b16b6705ddd64849ae899d9b8
bash-debuginfo-4.1.2-15.el6_4.1.i686.rpm
File outdated by:  RHSA-2014:1311
    MD5: e1cdb8fd8af5f66687614ca80c1e3435
SHA-256: e5d67ab0a4d863ecb4ba015d0e1152eb61dbe7082e3bcb757548f1564210ca50
bash-doc-4.1.2-15.el6_4.1.i686.rpm
File outdated by:  RHSA-2014:1311
    MD5: fd297708497fa5314b1743607ccef25a
SHA-256: f843dbe375c7d0afce2e0d689c38e38465ac709fe254520d29a4113aefa03205
 
PPC:
bash-4.1.2-15.el6_4.1.ppc64.rpm
File outdated by:  RHSA-2014:1311
    MD5: a174af1349730837b1ea0c4bab1740cb
SHA-256: d89519c8cf33c425d45fccd019d8afccd5c600f197d55ef91431de24975e807a
bash-debuginfo-4.1.2-15.el6_4.1.ppc64.rpm
File outdated by:  RHSA-2014:1311
    MD5: a11867a584636ba543cdddbc835e2134
SHA-256: 9a000c48a2965d334b13419de5cae361d15d13ced0d939c946eebd3fc9bee70f
bash-doc-4.1.2-15.el6_4.1.ppc64.rpm
File outdated by:  RHSA-2014:1311
    MD5: cb1c5e42b4e5618c5d60312d6fa58af0
SHA-256: f1ae58da6cc551644f76fe124b91c4eaf9abdff67eb3ea46de4ae0db3dbbdfec
 
s390x:
bash-4.1.2-15.el6_4.1.s390x.rpm
File outdated by:  RHSA-2014:1311
    MD5: 664beaae98005e91c595875633a4c702
SHA-256: 4a2c86cd2df099bf887a1f6a599633228fa00c6ae2e9971c0f6055d72a80f1ad
bash-debuginfo-4.1.2-15.el6_4.1.s390x.rpm
File outdated by:  RHSA-2014:1311
    MD5: bb10e0e05ec8d377cf42c0440856bfae
SHA-256: d4fc1f76ee1764880e09b2b7e0bd7e325058ca2e7d213da9ae7ea147716f5cc7
bash-doc-4.1.2-15.el6_4.1.s390x.rpm
File outdated by:  RHSA-2014:1311
    MD5: 652b335a5d0e12e497749fb6f3fdd726
SHA-256: 53ed241961a634ff3e7fc39bd1f7877480e3d2deca4ed8957a661c828159f1a8
 
x86_64:
bash-4.1.2-15.el6_4.1.x86_64.rpm
File outdated by:  RHSA-2014:1311
    MD5: 2203a61b70470c0d769554f6bb1d5595
SHA-256: a5eeb15d911ffea3eec36569ab260e74a34b9c1b53e41fdddebb7d2aa538a3be
bash-debuginfo-4.1.2-15.el6_4.1.x86_64.rpm
File outdated by:  RHSA-2014:1311
    MD5: cdbc91c3364e6a7b452fcb9cdb5927aa
SHA-256: 45a4dad9016ba0ca01dde6039651a6dd67a649463247102de8f37bfaccef0e20
bash-doc-4.1.2-15.el6_4.1.x86_64.rpm
File outdated by:  RHSA-2014:1311
    MD5: 6575e7208030b9e516f781494378cfc0
SHA-256: 5caea45de01c9d87274bba825e8637ae5605169e0f376e2ca7236c2866e274ac
 
(The unlinked packages above are only available from the Red Hat Network)
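
One way to check a host inventory against the fixed builds listed above, as an added example that is not Red Hat tooling. The version-release strings are the ones from this advisory; the stream labels, function names and sample rows are assumptions made for the example, and the input is what `rpm -q --qf '%{VERSION}-%{RELEASE}\n' bash` prints on each host.

```python
import re

# Fixed bash builds (VERSION-RELEASE) listed in RHSA-2014:1294-1.
# The stream keys are labels made up for this example.
FIXED_BASH = {
    "ELS-4": "3.0-27.el4.2",
    "LongLife-5.6": "3.2-24.el5_6.1",
    "LongLife-5.9": "3.2-32.el5_9.2",
    "EUS-5.9.z": "3.2-32.el5_9.2",
    "AUS-6.2": "4.1.2-9.el6_2.1",
    "AUS-6.4": "4.1.2-15.el6_4.1",
    "EUS-6.4.z": "4.1.2-15.el6_4.1",
}
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified rpm-style comparison of two version or release strings.

    Separators are ignored, a numeric segment is newer than an alphabetic
    one, and the string with segments left over is newer. Tilde and caret
    ordering from newer rpm releases is not implemented.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def has_advisory_fix(stream, installed_vr):
    """True if installed_vr is at or above this advisory's build for stream.

    installed_vr is VERSION-RELEASE; the epoch is assumed unset.
    """
    inst_v, _, inst_r = installed_vr.rpartition("-")
    fix_v, _, fix_r = FIXED_BASH[stream].rpartition("-")
    return (rpmvercmp(inst_v, fix_v) or rpmvercmp(inst_r, fix_r)) >= 0


if __name__ == "__main__":
    # Constructed inventory rows: (stream, installed bash VERSION-RELEASE).
    for stream, vr in [("EUS-5.9.z", "3.2-32.el5"), ("AUS-6.4", "4.1.2-15.el6_4.1")]:
        print(stream, vr, "fixed" if has_advisory_fix(stream, vr) else "NEEDS UPDATE")
```

The comparison is meaningful only within the stream a host is subscribed to: a release string from a different stream can sort higher without containing the backported patch.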

Bugs fixed (see bugzilla for more information)

1141597 - CVE-2014-6271 bash: specially-crafted environment variables can be used to inject shell commands


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/