Red Hat Bugzilla – Bug 1146791
CVE-2014-7186 bash: parser can allow out-of-bounds memory access while handling redir_stack
Last modified: 2014-10-22 04:25:49 EDT
It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code.
This issue was discovered by Florian Weimer of Red Hat Product Security.
Created attachment 942613 [details]
Patch for CVE-2014-7186 and CVE-2014-7187
Patch for CVE-2014-7186 and CVE-2014-7187 that was applied to bash 4.3 packages in Fedora.
(Note that patch file name incorrectly mentions CVE-2014-7169.)
The first to hunks of the patch are fix for this issue, the last one is for the CVE-2014-7187 (bug 1146804).
A patch for this issue was applied to the bash packages in Red Hat Enterprise Linux via RHSA-2014:1306, RHSA-2014:1311, and RHSA-2014:1312:
The errata do not mention the CVE in the description, as the CVE is was only assigned after those updates were released.
Is this patched via RHSA-2014:1293 in Red Hat Enterprise Linux 5?
Comment 4 above already answers your question.
This issue has been addressed in the following products:
RHEV Manager version 3.4
Via RHSA-2014:1354 https://rhn.redhat.com/errata/RHSA-2014-1354.html
A patch for this issue was applied to the bash packages in Red Hat Enterprise Linux via RHSA-2014:1306, RHSA-2014:1311, and RHSA-2014:1312. The errata do not mention the CVE in the description, as the CVE was only assigned after those updates were released.