CVE-2014-6271 updates on Fedora.

IMPORTANT: Refer to this update for revised instructions.

What is CVE-2014-6271?

CVE-2014-6271 is a GNU bash vulnerability that permits specially-crafted environment variables to inject shell commands. This is a fairly serious issue. If you don’t want to wait out the hours until stable updates are issued to fix your Fedora system, here’s what you can do. (The Fedora Project may choose to issue some official guidance, this is just my own helpful hint.)

Fedora 21 Alpha

Run these commands:

su -c "yum -y install koji"   # provide root password...
koji download-build --arch=$(uname -m) bash-4.3.22-3.fc21
su -c "yum localinstall bash-4.3.22-3.fc21.$(uname -m).rpm"   # provide root password again...

Fedora 20

Run these commands:

su -c "yum -y install koji"   # provide root password...
koji download-build --arch=$(uname -m) bash-4.2.47-4.fc20
su -c "yum localinstall bash-4.2.47-4.fc20.$(uname -m).rpm"   # provide root password again...

Fedora 19

Run these commands:

su -c "yum -y install koji"   # provide root password...
koji download-build --arch=$(uname -m) bash-4.2.47-2.fc19
su -c "yum localinstall bash-4.2.47-2.fc19.$(uname -m).rpm"   # provide root password again...

Hope this helps!

2 Comments

  1. Pingback: CVE-2014-7169 updates on Fedora. - The Grand Fallacy

Comments are closed.