FreeBSD Project Information for VU#252743
GNU Bash shell executes commands in exported functions in environment variables
- Vendor Information Help Date Notified: 25 Sep 2014
- Statement Date: 25 Sep 2014
- Date Updated: 26 Sep 2014
Currently we have already patched CVE-2014-6271 and CVE-2014-7169 in the FreeBSD ports tree, making it no longer vulnerable to these two issues. We will patch the new issues once the fix is validated.
The FreeBSD base system do not use bash at all and is therefore not affected.
We are not aware of further vendor information regarding this vulnerability.
FreeBSD has disabled function importing by default in the Bash port.
If you have feedback, comments, or additional information about this vulnerability, please send us email.