Hi,
Red Hat released new packages at https://rhn.redhat.com/errata/RHSA-2014-1306.html that include a fix for CVE-2014-7169. They fixed it in another way, and also fixed another problem (OOB memory access).
We can investigate from the RH SRPM, http://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bash-4.1.2-15.el6_5.2.src.rpm
IMHO, Red Hat fix included 3 patches.
- bash-4.2-cve-2014-7169-0.patch : parser bug fix-A for CVE-2014-7169 (same as http://seclists.org/oss-sec/2014/q3/685 )
- bash-4.2-cve-2014-7169-1.patch : introduce variable isolation in function import situation. another fix for CVE-2014-7169. this is new patch.
- bash-4.2-cve-2014-7169-2.patch : OOB memory access(new problem) fix.
They proposed these new patches at http://www.openwall.com/lists/oss-security/2014/09/25/32 .
I have a proposal about that: could we apply these new patches? Or are they not important?