Oracle Security Alert for CVE-2014-7169
Description
This Security Alert addresses multiple publicly disclosed vulnerabilities affecting GNU Bash, specifically CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE-2014-6278. GNU Bash is a popular open source command line shell incorporated into Linux and other widely used operating systems. These vulnerabilities affect multiple Oracle products. These vulnerabilities may be remotely exploitable without authentication, i.e. may be exploited over a network without the need for a username and password. A remote user can exploit these vulnerabilities to execute arbitrary code on systems that are running affected versions of Bash.
For this document, the vulnerabilities listed above will be referred to collectively as CVE-2014-7169.
Oracle is investigating and will provide fixes for affected products as soon as they have been fully tested and determined to provide effective mitigation against these vulnerabilities.
Due to the severity, public disclosure, and reports of active exploitation of CVE-2014-7169 and the related vulnerabilities, Oracle strongly recommends that customers apply the fixes provided by this Security Alert as soon as they are released by Oracle.
Affected Products and Versions
Please refer to Bash Vulnerabilities - CVE-2014-7169 for a list of Oracle products and versions that are affected by these vulnerabilities. That page will be updated when new information becomes available.
Patch Availability
Patch availability information related to these vulnerabilities can be found on the Bash Vulnerabilities - CVE-2014-7169 page. Note that in some instances, the instructions on this page or references from this page may include important steps to take before and after the application of the relevant patch.
Supported Products and Versions
Patch availability information is provided only for product versions that are covered under the Premier Support or Extended Support phases of the Lifetime Support Policy. We recommend that customers remain on actively supported versions to ensure that they continue to receive security fixes from Oracle.
Product releases that are not under Premier Support or Extended Support are not tested for the presence of the vulnerabilities addressed by this Security Alert. However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities.
Products in Extended Support
Security Alert fixes are available to customers who have purchased Extended Support under the Lifetime Support Policy. Customers must have a valid Extended Support service contract to apply Security Alert fixes for products in the Extended Support Phase.
References
- Oracle Critical Patch Updates and Security Alerts main page [Oracle Technology Network]
- Oracle Critical Patch Updates and Security Alerts - Frequently Asked Questions [CPU FAQ]
- Risk Matrix definitions [Risk Matrix Definitions]
- Use of Common Vulnerability Scoring System (CVSS) by Oracle [Oracle CVSS Scoring]
- English text version of risk matrix [Oracle Technology Network]
- CVRF XML version of the risk matrix [Oracle Technology Network]
Modification History
Appendix - Oracle Sun Systems Products Suite
Oracle Sun Systems Products Suite Executive Summary
This Security Alert contains 1 new security fix for the Oracle Sun Systems Products Suite. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found here.
Oracle Sun Systems Products Suite Risk Matrix
Notes:
- The CVSS score is taken from http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169.
Appendix - Oracle Linux and Virtualization
Oracle Linux Executive Summary
This Security Alert contains 1 new security fix for Oracle Linux. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found here.
Oracle Linux Risk Matrix
Notes:
- The CVSS score is taken from http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169.