关键漏洞信息 漏洞名称: Bash specially-crafted environment variables code injection attack 相关CVE: CVE-2014-6271 and CVE-2014-7169 发布时间: September 24, 2014 CVSS评分: Not specified in the screenshot 影响范围: Affects systems using Bash shell 漏洞描述: An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions. 修复建议: Upgrade to the version of Bash which contains the fix for CVE-2014-6271 and apply patches for CVE-2014-7169 更新信息 Update 2014-09-26 12:00 UTC: FAQs written to address common questions about the Bash issues. Update 2014-09-26 02:20 UTC: Red Hat and Fedora released patched versions of Bash to fix the vulnerabilities. Update 2014-09-30 19:30 UTC: Determined that Red Hat products are not vulnerable to CVE-2014-6271 after updates.