GNU Bash through 4.3 bash43-026 does not properly parse function
definitions in the values of environment variables, which allows remote
attackers to execute arbitrary code or cause a denial of service
(uninitialized memory access, and untrusted-pointer read and write
operations) via a crafted environment, as demonstrated by vectors involving
the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules
in the Apache HTTP Server, scripts executed by unspecified DHCP clients,
and other situations in which setting the environment occurs across a
privilege boundary from Bash execution. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.
mdeslaurthis issue is mitigated by Florian Weimer's prefix-suffix patch
that is included in
since bash parser vulnerabilities are now limited to specially
named environment variables, and as such are no longer directly
exposed to CGI scripts, SSH, etc.

Once an upstream patch is made available, we will release bash
updates, but we don't consider this to be a critical issue
requiring immediate attention.
Source: bash (LP Ubuntu Debian)
Ubuntu 14.04 ESM (Trusty Tahr):released (4.3-7ubuntu1.5)
More Information

Updated: 2020-01-29 19:50:14 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)