[GLLUG] Bash Bug
John Edwards
john at cornerstonelinux.co.uk
Thu Sep 25 16:52:23 UTC 2014
Hi
On Thu, Sep 25, 2014 at 05:30:43PM +0100, Iain M Conochie wrote:
<snip>
> Nice one John! Yes, it seems that have released a patch:
>
>> $ env x='() { :;}; \
>> echo vulnerable' bash -c "echo this is a test"
> bash: line 1: warning: x: ignoring function definition attempt
> bash: error importing function definition for `x'
> this is a test
>> $ bash --version
> GNU bash, version 4.1.5(1)-release (i486-pc-linux-gnu)
> Copyright (C) 2009 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> <http://gnu.org/licenses/gpl.html>
I don't see version 4.1.5 on either the Bytemark or Phil Hand's Debian
FTP mirrors - just 4.1.3, which is vulnerable. But I don't have any
machines still running Squeeze so I did not look very hard.
--
#---------------------------------------------------------#
| John Edwards Email: john at cornerstonelinux.co.uk |
#---------------------------------------------------------#
More information about the GLLUG
mailing list