{"id":"MGASA-2014-0394","summary":"Updated bash packages fix multiple security vulnerabilities","details":"Updated bash packages fix security vulnerabilities:\n\nBash has been updated to version 4.2 patch level 50, which further mitigates\nShellShock-type vulnerabilities.  Two such issues have already been discovered\n(CVE-2014-6277, CVE-2014-6278).\n\nSee the RedHat article on the backward-incompatible changes introduced by the\nlatest patch, caused by adding prefixes and suffixes to the variable names used\nfor exporting functions.  Note that the RedHat article mentions these variable\nnames will have parentheses \"()\" at the end of their names, however, the latest\nupstream patch uses two percent signs \"%%\" at the end instead.\n\nTwo other unrelated security issues in the parser have also been fixed in this\nupdate (CVE-2014-7186, CVE-2014-7187).\n","modified":"2026-04-16T01:47:55.296750618Z","published":"2014-10-01T09:34:33Z","upstream":["CVE-2014-6277","CVE-2014-6278","CVE-2014-7186","CVE-2014-7187"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0394.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14193"},{"type":"WEB","url":"https://access.redhat.com/articles/1200223"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2014-1306.html"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6277"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6278"}],"affected":[{"package":{"name":"bash","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/bash?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2-50.2.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0394.json"}},{"package":{"name":"bash","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/bash?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2-50.2.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0394.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}