Important security fix for bash that allows the injection of commands.
This update fixes a bug in the bash shell that
allows an attacker to execute arbitrary commands
upon shell invocation if he can control
the shell's environment. This is particularly
dangerous if the shell is used as a cgi interpreter
for a web server, or if the shell handles untrusted
input inherited in the environment from other sources.
-
Submitted by
Roman Drahtmueller (draht)
Fixed bugs
bnc#896776
VUL-0: CVE-2014-6271: bash: unexpected code execution with environment variables
