| Archive |
Packages : bash Urgent Update
on 2014-10-01 (3617 reads)
* Security Update
A security vulnerability ("shellshock") is discovered in bash package provided in BSP v4 and v4.5.
Related Information
- -----------------
- Vulnerability Summary for CVE-2014-6271
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
- Vulnerability Summary for CVE-2014-7169
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169 -----------------
- (Japanese)
- http://www.ipa.go.jp/security/ciadr/vul/20140926-bash.html -----------------
- (Japanese)
- https://www.jpcert.or.jp/at/2014/at140037.html -----------------
NVD - Detail
IPA:INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN
JPCERT: Japan Computer Emergency Response Team Coordination Center
Bash packages in question
Carry out one of two corrective actions below depending on your usage environment on a target.
- bash-3.0-31u3 (BSP v4)
- bash-3.2-32u1 (BSP v4.5)
- bash-3.2-32u1.1 (BSP v4.5)
Carry out one of two corrective actions below depending on your usage environment on a target.
* Note that procedure indicated here is either add package or change project setting on generated project, so a project must be ready in advance.
1) Use fixed package
- bash-3.2-33u.4.src.rpm
- Procedure
- 1) Select [Add Package] from the [Edit] menu on a Package List.
- 2) Select bash package you wish to add.
- 3) Click [View] to open the Choose Package window.
- 4) Select SRPM file to add and click [Decision].
- Added package appears in read on the Package List.
- 5) Click [Decision] on the Package List.
- Existing packages are integrated and sorted as diverse versions. "Version" field becomes greenish yellow and selectable pull-down.
- 6) Click [Close] to exit.
- Once procedures above are completed, carry out bash package build, quick build, RFS generation and deploy to update your system on a target.
- For more details, refer to "Adding Packages" in Chapter 4 of Lineo uLinux ELITE User Guide.
2) Use substitute shell (Not to use bash package)
- e.g.) Change /bin/bash and /bin/sh to the ones that of busybox package
- Procedure
- 1) Open Target Image Editor.
- 2) Select "Conflict View" tab.
- 3) Select /bin/bash from the list and change package from bash to busybox.
- 4) elect /bin/sh from the list and change package from bash to busybox.
- Once procedures above are completed, carry out RFS generation and deploy to update your system on a target.
- For more details, refer to "Eliminating Conflicts" in Chapter 4 of Lineo uLinux ELITE User Guide.