

CVE-2014-7187 (yet another) Bash arbitrary execution of code - ck2
https://access.redhat.com/security/cve/CVE-2014-7187

======
dfc
This is not "yet another" vulnerability in the sense that it represents a
similar risk:

"Red Hat Product Security _does not consider this bug to have any security
impact_ on the bash packages shipped in Red Hat Enterprise Linux. A fix for
this issue was applied as a hardening in RHSA-2014:1306, RHSA-2014:1311, and
RHSA-2014:1312."

------
ck2
Note that the patch only appeared today, despite the CVE being out a few days ago.

[http://openwall.com/lists/oss-security/2014/09/28/10](http://openwall.com/lists/oss-security/2014/09/28/10)

_There are two local buffer overflows in parse.y that can cause the shell to
dump core when given many here-documents attached to a single command or many
nested loops._

[http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-028](http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-028)

