[GLLUG] Bash Bug

John Edwards john at cornerstonelinux.co.uk
Thu Sep 25 16:52:23 UTC 2014


Hi

On Thu, Sep 25, 2014 at 05:30:43PM +0100, Iain M Conochie wrote:
<snip>
> Nice one John! Yes, it seems that have released a patch:
> 
>> $ env x='() { :;}; \
>>  echo vulnerable'  bash -c "echo this is a test"
> bash: line 1: warning: x: ignoring function definition attempt
> bash: error importing function definition for `x'
> this is a test
>> $ bash --version
> GNU bash, version 4.1.5(1)-release (i486-pc-linux-gnu)
> Copyright (C) 2009 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> <http://gnu.org/licenses/gpl.html>

I don't see version 4.1.5 on either the Bytemark or Phil Hand's Debian
FTP mirrors - just 4.1.3, which is vulnerable. But I don't have any
machines still running Squeeze so I did not look very hard.


-- 
#---------------------------------------------------------#
|    John Edwards   Email: john at cornerstonelinux.co.uk    |
#---------------------------------------------------------#




More information about the GLLUG mailing list