IMPORTANT: Refer to this update for revised instructions.
What is CVE-2014-6271?
CVE-2014-6271 is a GNU bash vulnerability that permits specially-crafted environment variables to inject shell commands. This is a fairly serious issue. If you don’t want to wait out the hours until stable updates are issued to fix your Fedora system, here’s what you can do. (The Fedora Project may choose to issue some official guidance, this is just my own helpful hint.)
Fedora 21 Alpha
Run these commands:
su -c "yum -y install koji" # provide root password... koji download-build --arch=$(uname -m) bash-4.3.22-3.fc21 su -c "yum localinstall bash-4.3.22-3.fc21.$(uname -m).rpm" # provide root password again...
Fedora 20
Run these commands:
su -c "yum -y install koji" # provide root password... koji download-build --arch=$(uname -m) bash-4.2.47-4.fc20 su -c "yum localinstall bash-4.2.47-4.fc20.$(uname -m).rpm" # provide root password again...
Fedora 19
Run these commands:
su -c "yum -y install koji" # provide root password... koji download-build --arch=$(uname -m) bash-4.2.47-2.fc19 su -c "yum localinstall bash-4.2.47-2.fc19.$(uname -m).rpm" # provide root password again...
Hope this helps!
Or just download the package for your architecture from here:
//kojipkgs.fedoraproject.org/packages/bash/4.2.47/4.fc20/
Pingback: CVE-2014-7169 updates on Fedora. - The Grand Fallacy