Mandriva Update For Bash MDVSA-2012:128 (bash) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was found and corrected in bash: A stack-based buffer overflow flaw was found in the way bash, the GNU Bourne Again shell, expanded certain /dev/fd file names when checking file names (&#039 test&#039 command) and evaluating /dev/fd file names in conditinal command expressions. A remote attacker could provide a specially-crafted Bash script that, when executed, would cause the bash executable to crash (CVE-2012-3410). Additionally the official patches 011 to 037 for bash-4.2 has been applied which resolves other issues found, including the CVE-2012-3410 vulnerability.

Affected

bash on Mandriva Linux 2011.0

Severity

Classification

CVE CVE-2012-3410
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:040 (dia)
Mandrake Security Advisory MDVSA-2009:130 (gstreamer0.10-plugins-good)
Mandrake Security Advisory MDVSA-2009:026-1 (phpMyAdmin)
Mandrake Security Advisory MDVSA-2009:213 (wxgtk)
Mandrake Security Advisory MDVSA-2009:046 (dia)

Mandriva Update for bash MDVSA-2012:128 (bash)

Take action and discover your vulnerabilities