What is the UnixWare 7.1.4+ bash-4.3.30b Security Update? KEYWORDS: unixware 7.1.4 714 714+ security update supplement bash shellshock RELEASE: SCO Unixware Release 7.1.4+ SCO Unixware Release 7.1.4 PROBLEM: What is the UnixWare 7.1.4+ bash-4.3.30b Security Update? SOLUTION: This supplement addresses the 'shellshock' security vulnerabilities defined by the following CVEs: CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 These vulnerabilities could allow a regular bash user to gain privileges through a crafted environment variable. bash-4.3.30b also corrects a problem processing the bash builtin command "echo -n", when bash is executing in posix mode. Software Notes and Recommendations ---------------------------------- The UW714 bash-4.3.30b package is intended for installation on UnixWare 7.1.4 Maintenance Pack 4 UnixWare 7.1.4+ Caution: If this package is installed on UW 7.1.4 MP4 and the system is later upgraded to UW7.1.4+, This version of bash may be replaced by an earlier version. If that should happen, simply reinstall this package to correct the problem. Installation Instructions ------------------------- 1. Download the bash-4.3.30b.image file to the /tmp directory on your machine. 2. As root, add the package to your system using these commands: $ su - Password: # pkgadd -d /tmp/bash-4.3.30b.image $ su - Password: # pkgadd -qd /tmp/bash-4.3.30b.image all 3. There is no need to reboot the system after installing this package. Removal Instructions -------------------- 1. As root, remove the package using these commands: $ su - Password: # pkgrm bash 2. It is not necessary to reboot your system after removing this package. If you have questions regarding this supplement, or the product on which it is installed, please contact your software supplier.