Linux, musical road-dogging, and daily life by Paul W. Frields
 
CVE-2014-7169 updates on Fedora.

CVE-2014-7169 updates on Fedora.

CVE-2014-7169 is an additional security issue in the GNU bash shell that emerged after researchers discovered the fixes for CVE-2014-6271 did not completely solve the vulnerabilities they had identified. Fedora Magazine has a very useful story that tells you why these issues are important.

Since I already published a story on how to deal with CVE-2014-6271, I might as well do a quick followup here for my readers on how to deal with the additional vulnerability.

These instructions will allow you to quickly get packages from the Fedora Koji package build system to address both CVEs, without having to wait for them to propagate to Fedora’s worldwide mirror system.

Fedora 21 Alpha

Run these commands:

su -c "yum -y install koji"   # provide root password...
koji download-build --arch=$(uname -m) bash-4.3.25-2.fc21
su -c "yum localinstall bash-4.3.25-2.fc21.$(uname -m).rpm"   # provide root password again...

Fedora 20

Run these commands:

su -c "yum -y install koji"   # provide root password...
koji download-build --arch=$(uname -m) bash-4.2.48-2.fc20
su -c "yum localinstall bash-4.2.48-2.fc20.$(uname -m).rpm"   # provide root password again...

Fedora 19

Run these commands:

su -c "yum -y install koji"   # provide root password...
koji download-build --arch=$(uname -m) bash-4.2.48-2.fc19
su -c "yum localinstall bash-4.2.48-2.fc19.$(uname -m).rpm"   # provide root password again...

Hope this helps!

One comment

  1. Pingback: CVE-2014-6271 updates on Fedora. - The Grand Fallacy

Comments are closed.

%d