RHSA-2014:1354Critical
Red Hat Security Advisory: rhev-hypervisor6 security update
🔗 CVE IDs covered (5)
📋 Description
CVE-2014-1568 — nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73) CVE-2014-6271 — bash: specially-crafted environment variables can be used to inject shell commands CVE-2014-7169 — bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271) CVE-2014-7186 — bash: parser can allow out-of-bounds memory access while handling redir_stack CVE-2014-7187 — bash: off-by-one error in deeply nested flow control constructs
🔗 References (8)
- selfhttps://access.redhat.com/errata/RHSA-2014:1354
- externalhttps://access.redhat.com/security/updates/classification/#critical
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1141597
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1145429
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1146319
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1146791
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1146804
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_1354.json