[FITS] Created: (FL-2935) urgent bash upgrade RE: CVE-2014-6271

2 views
Skip to first unread message

Berg (FITS)

unread,
Sep 25, 2014, 7:19:55 AM9/25/14
to foresigh...@googlegroups.com
urgent bash upgrade RE: CVE-2014-6271
-------------------------------------

Key: FL-2935
URL: https://issues.foresightlinux.org/jira/browse/FL-2935
Project: Foresight Linux
Issue Type: Bug
Security Level: Public (Everyone can see this issue)
Components: Base Operating System
Reporter: Berg
Assignee: Distro
Priority: Critical


I received a lab-wide request for getting asap a patched bash to fix the CVE-2014-6271 vulnerability. This is needed for all FL versions I suppose..

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.foresightlinux.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira


Michael K. Johnson (FITS)

unread,
Sep 25, 2014, 8:44:55 AM9/25/14
to foresigh...@googlegroups.com

[ https://issues.foresightlinux.org/jira/browse/FL-2935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17997#action_17997 ]

Michael K. Johnson commented on FL-2935:
----------------------------------------

{{conary update bash=foresight.rpath.org@fl:2-devel}} gets a version with CVE-2014-6271 fixed as well as all other intermediate bash updates. That bash is deployed on all Foresight infrastructure machines based on fl2.

> urgent bash upgrade RE: CVE-2014-6271
> -------------------------------------
>
> Key: FL-2935
> URL: https://issues.foresightlinux.org/jira/browse/FL-2935
> Project: Foresight Linux
> Issue Type: Bug
> Security Level: Public(Everyone can see this issue)

Berg (FITS)

unread,
Sep 25, 2014, 9:48:55 AM9/25/14
to foresigh...@googlegroups.com

[ https://issues.foresightlinux.org/jira/browse/FL-2935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17998#action_17998 ]

Berg commented on FL-2935:
--------------------------

This 2-devel bash version could be successfully installed on 2-qa machines as well, great! What about F20/FL3?

> urgent bash upgrade RE: CVE-2014-6271
> -------------------------------------
>
> Key: FL-2935
> URL: https://issues.foresightlinux.org/jira/browse/FL-2935
> Project: Foresight Linux
> Issue Type: Bug
> Security Level: Public(Everyone can see this issue)

Michael K. Johnson (FITS)

unread,
Sep 25, 2014, 1:56:56 PM9/25/14
to foresigh...@googlegroups.com

[ https://issues.foresightlinux.org/jira/browse/FL-2935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17999#action_17999 ]

Michael K. Johnson commented on FL-2935:
----------------------------------------

{{group-world=foresight.rpath.org@fl:2-devel/2.5.5+2014.07.10-0.1-2}} has the fixed bash in it

Tomas can promote to fl:2-qa

> urgent bash upgrade RE: CVE-2014-6271
> -------------------------------------
>
> Key: FL-2935
> URL: https://issues.foresightlinux.org/jira/browse/FL-2935
> Project: Foresight Linux
> Issue Type: Bug
> Security Level: Public(Everyone can see this issue)

Michael K. Johnson (FITS)

unread,
Sep 25, 2014, 1:56:57 PM9/25/14
to foresigh...@googlegroups.com

[ https://issues.foresightlinux.org/jira/browse/FL-2935?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael K. Johnson reassigned FL-2935:
--------------------------------------

Assignee: Tomas Forsman (was: Distro)

> urgent bash upgrade RE: CVE-2014-6271
> -------------------------------------
>
> Key: FL-2935
> URL: https://issues.foresightlinux.org/jira/browse/FL-2935
> Project: Foresight Linux
> Issue Type: Bug
> Security Level: Public(Everyone can see this issue)
> Components: Base Operating System
> Reporter: Berg
> Assignee: Tomas Forsman

Michael K. Johnson (FITS)

unread,
Sep 25, 2014, 1:58:54 PM9/25/14
to foresigh...@googlegroups.com

[ https://issues.foresightlinux.org/jira/browse/FL-2935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18000#action_18000 ]

Michael K. Johnson commented on FL-2935:
----------------------------------------

F20 we only get as we process updates from Fedora. You can install an update manually with rpm or yum if necessary before that.

> urgent bash upgrade RE: CVE-2014-6271
> -------------------------------------
>
> Key: FL-2935
> URL: https://issues.foresightlinux.org/jira/browse/FL-2935
> Project: Foresight Linux
> Issue Type: Bug
> Security Level: Public(Everyone can see this issue)
> Components: Base Operating System
> Reporter: Berg
> Assignee: Tomas Forsman

Tomas Forsman (FITS)

unread,
Sep 25, 2014, 2:04:54 PM9/25/14
to foresigh...@googlegroups.com

[ https://issues.foresightlinux.org/jira/browse/FL-2935?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Work on FL-2935 started by Tomas Forsman.

> urgent bash upgrade RE: CVE-2014-6271
> -------------------------------------
>
> Key: FL-2935
> URL: https://issues.foresightlinux.org/jira/browse/FL-2935
> Project: Foresight Linux
> Issue Type: Bug
> Security Level: Public(Everyone can see this issue)
> Components: Base Operating System
> Reporter: Berg
> Assignee: Tomas Forsman

Tomas Forsman (FITS)

unread,
Sep 25, 2014, 4:20:58 PM9/25/14
to foresigh...@googlegroups.com

[ https://issues.foresightlinux.org/jira/browse/FL-2935?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tomas Forsman closed FL-2935.
-----------------------------


> urgent bash upgrade RE: CVE-2014-6271
> -------------------------------------
>
> Key: FL-2935
> URL: https://issues.foresightlinux.org/jira/browse/FL-2935
> Project: Foresight Linux
> Issue Type: Bug
> Security Level: Public(Everyone can see this issue)
> Components: Base Operating System
> Reporter: Berg
> Assignee: Tomas Forsman

Tomas Forsman (FITS)

unread,
Sep 25, 2014, 4:30:12 PM9/25/14
to foresigh...@googlegroups.com

[ https://issues.foresightlinux.org/jira/browse/FL-2935?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tomas Forsman resolved FL-2935.
-------------------------------

Fixed Trove Versions: group-world=foresight.rpath.org@fl:2-qa/2.5.5+2014.07.10-0.1-1
Resolution: Fixed

Promoted fl:2-devel > fl:2-qa, groups rebuilt and bash has been updated in fl:2-qa now.

> urgent bash upgrade RE: CVE-2014-6271
> -------------------------------------
>
> Key: FL-2935
> URL: https://issues.foresightlinux.org/jira/browse/FL-2935
> Project: Foresight Linux
> Issue Type: Bug
> Security Level: Public(Everyone can see this issue)
> Components: Base Operating System
> Reporter: Berg
> Assignee: Tomas Forsman

Michael K. Johnson (FITS)

unread,
Sep 25, 2014, 8:04:54 PM9/25/14
to foresigh...@googlegroups.com

[ https://issues.foresightlinux.org/jira/browse/FL-2935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18002#action_18002 ]

Michael K. Johnson commented on FL-2935:
----------------------------------------

Berg, note FL-2936

> urgent bash upgrade RE: CVE-2014-6271
> -------------------------------------
>
> Key: FL-2935
> URL: https://issues.foresightlinux.org/jira/browse/FL-2935
> Project: Foresight Linux
> Issue Type: Bug
> Security Level: Public(Everyone can see this issue)
> Components: Base Operating System
> Reporter: Berg
> Assignee: Tomas Forsman
Reply all
Reply to author
Forward
0 new messages