| Archive |
on 2015-10-30 (3558 reads)
9 packages are updated for the BSPv4.5 package.
- [BSPv4.5 Package Update]
- hplip-3.14.6-3u
- libxml2-2.7.6-20u
- nfs-utils-lib-1.1.5-11u
- nfs-utils-1.2.3-64u
- openssh-5.3p1-112u
- openssl-1.0.1e-42u
- pam-1.1.1-20u.1
- python-2.6.6-64u
- tzdata-2015f-1u
on 2015-07-31 (2831 reads)
3 packages are updated for the BSPv4.5 package.
- [BSPv4.5 Package Update]
- pam-1.1.1-20u
- openssl-1.0.1e-30u.11
- tzdata-2015e-1u
on 2015-04-30 (2892 reads)
20 packages are updated for the BSPv4.5 package.
- [BSPv4.5 Package Update]
- busybox-1.20.2-2u_ccpu
- cups-1.3.7-32u
- e2fsprogs-1.39-37u
- hplip-3.12.4-6u
- initscripts-8.45.45-1u
- keyutils-1.4-5u
- libtirpc-0.2.1-10u
- libxml2-2.7.6-17u.1
- module-init-tools-3.3-0.pre3.1.63u
- net-snmp-5.3.2.2-25u
- nfs-utils-lib-1.1.5-9u
- nfs-utils-1.2.3-54u
- openssh-5.3p1-104u.1
- openssl-1.0.1e-30u.7
- pcre-6.6-9u
- perl-5.8.8-43u
- php-5.1.6-45u
- ruby-1.8.7.374-4u
- sendmail-8.13.8-10u
- tzdata-2015b-1u
on 2014-10-30 (2936 reads)
5 packages are updated for the BSPv4.5 package.
- [BSPv4.5 Package Update]
- libtirpc-0.2.1-6u.2
- nfs-utils-1.2.3-39u.3
- openssl-1.0.1e-16u.15
- procmail-3.22-17.1.2u
- tzdata-2014e-1u
on 2014-10-01 (4068 reads)
* Security Update
A security vulnerability ("shellshock") is discovered in bash package provided in BSP v4 and v4.5.
Related Information
- -----------------
- Vulnerability Summary for CVE-2014-6271
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
- Vulnerability Summary for CVE-2014-7169
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169 -----------------
- (Japanese)
- http://www.ipa.go.jp/security/ciadr/vul/20140926-bash.html -----------------
- (Japanese)
- https://www.jpcert.or.jp/at/2014/at140037.html -----------------
NVD - Detail
IPA:INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN
JPCERT: Japan Computer Emergency Response Team Coordination Center
Bash packages in question
Carry out one of two corrective actions below depending on your usage environment on a target.
- bash-3.0-31u3 (BSP v4)
- bash-3.2-32u1 (BSP v4.5)
- bash-3.2-32u1.1 (BSP v4.5)
Carry out one of two corrective actions below depending on your usage environment on a target.
* Note that procedure indicated here is either add package or change project setting on generated project, so a project must be ready in advance.
1) Use fixed package
- bash-3.2-33u.4.src.rpm
- Procedure
- 1) Select [Add Package] from the [Edit] menu on a Package List.
- 2) Select bash package you wish to add.
- 3) Click [View] to open the Choose Package window.
- 4) Select SRPM file to add and click [Decision].
- Added package appears in read on the Package List.
- 5) Click [Decision] on the Package List.
- Existing packages are integrated and sorted as diverse versions. "Version" field becomes greenish yellow and selectable pull-down.
- 6) Click [Close] to exit.
- Once procedures above are completed, carry out bash package build, quick build, RFS generation and deploy to update your system on a target.
- For more details, refer to "Adding Packages" in Chapter 4 of Lineo uLinux ELITE User Guide.
2) Use substitute shell (Not to use bash package)
- e.g.) Change /bin/bash and /bin/sh to the ones that of busybox package
- Procedure
- 1) Open Target Image Editor.
- 2) Select "Conflict View" tab.
- 3) Select /bin/bash from the list and change package from bash to busybox.
- 4) elect /bin/sh from the list and change package from bash to busybox.
- Once procedures above are completed, carry out RFS generation and deploy to update your system on a target.
- For more details, refer to "Eliminating Conflicts" in Chapter 4 of Lineo uLinux ELITE User Guide.
