GNU · Bash · CVE-2014-6277
**Name of the Vulnerable Software and Affected Versions**
bash versions 1.14 through 4.2 p52
GNU Bash (affected versions not specified)
**Description**
The vulnerability stems from errors in how the Bash shell processes input data while parsing code. By creating a specially crafted environment variable, an attacker can execute arbitrary commands with the privileges of the current user. This can be done remotely, for example through a web server or DHCP server, or locally. The vulnerability may lead to a breach of confidentiality, integrity, and availability of protected information.
**Recommendations**
For bash versions 1.14 through 4.2 p52, update to a version later than 4.2 p52 to resolve the issue.
For GNU Bash, there is currently no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround, consider restricting the use of the Bash shell to minimize the risk of exploitation.
Avoid using the Bash shell for remote connections, such as telnet or SSH, until the issue is resolved.
Restrict access to web servers and DHCP servers that may be used to create a specially crafted environment variable.
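To act on the update recommendation, an inventory script can classify each host's Bash version against the affected range listed above (1.14 through 4.2 p52). The following is an added example, not part of the original advisory; the function names are hypothetical, and it compares upstream version numbers only, so a distribution package with a backported fix under an unchanged number will still be reported as in range.

```shell
#!/bin/sh
# Added example: classify a Bash version string against the range this
# advisory lists as affected (1.14 through 4.2 patch level 52).
# Version-number check only; it does not test behaviour.

# parse_bash_version "<string>" -> prints "major minor patch"
# Accepts "4.2.45", "4.2.45(1)-release" or the first line of `bash --version`.
parse_bash_version() {
    v=$(printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\(\.\([0-9][0-9]*\)\)\{0,1\}.*$/\1 \2 \4/p' | head -n 1)
    [ -n "$v" ] || return 1
    set -- $v
    printf '%s %s %s\n' "$1" "$2" "${3:-0}"   # missing patch level counts as 0
}

# version_le A B C X Y Z -> true when A.B.C <= X.Y.Z (numeric, field by field)
version_le() {
    [ "$1" -lt "$4" ] && return 0
    [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0
    [ "$2" -gt "$5" ] && return 1
    [ "$3" -le "$6" ]
}

# in_affected_range "<string>" -> 0 in range, 1 outside, 2 unparseable
in_affected_range() {
    parsed=$(parse_bash_version "$1") || return 2
    set -- $parsed
    version_le 1 14 0 "$1" "$2" "$3" && version_le "$1" "$2" "$3" 4 2 52
}

# Check the version given as an argument, or the bash found on PATH.
ver=${1:-$(bash --version 2>/dev/null | head -n 1)}
rc=0; in_affected_range "$ver" || rc=$?
case $rc in
    0) echo "IN listed affected range: $ver" ;;
    1) echo "outside listed affected range: $ver" ;;
    *) echo "could not parse a version from: '$ver'" ;;
esac
```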