Hello,

On Wed, 24 Sep 2014, David C. Rankin wrote:
> On 09/24/2014 04:03 PM, David C. Rankin wrote:
>> I stumbled across the following bulletin regarding bash vulnerability:
>> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environmen...
>> What's the status of a patched version for 13.1?
>
> Per the security blog, you can confirm that the vulnerability is closed with:
> $ ( env x='() { :;}; echo vulnerable' bash -c "echo this is a test" )

JFTR: I'm building bash for 12.1 and some more, not sure if others that build for 12.1, .2 etc. are already patched (and keep it updated for now).

$ ( env x='() { :;}; echo vulnerable' bash -c "echo this is a test" )
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
$ rpm -q bash
bash-4.2-245.1.x86_64
$ grep PRETTY /etc/os-release
PRETTY_NAME="openSUSE 12.1 (Asparagus) (x86_64)"
$ rpm -q --changelog bash | head
* Thu Sep 18 2014 werner@suse.de
- Add bash-4.2-CVE-2014-6271.patch to fix CVE-2014-6271, the unexpected code
  execution with environment variables (bnc#896776)
[..]

Repo: http://download.opensuse.org/repositories/home:/dnh/
It's just a link to Base:System.

Feel free to PM me though,
-dnh

-- 
"What, you don't think "insmod emacs" is a good idea?" -- Joe Moore
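
The check quoted in this thread, wrapped so it can be run against every bash binary on a host and the result classified. This is an added example, not part of the original message; the function names and the use of /etc/shells to find extra bash copies are assumptions.

```shell
#!/bin/sh
# Added example: run the thread's CVE-2014-6271 check per bash binary.

# Classify the captured output (stdout+stderr) of the check command.
classify_output() {
    # A line that is exactly "vulnerable" means the text after the
    # function definition was executed while importing the environment.
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo patched
    else
        # The binary did not run the test command at all.
        echo inconclusive
    fi
}

# Run the check from the thread against one bash binary given by path.
check_bash() {
    [ -x "$1" ] || { echo inconclusive; return 0; }
    out=$(env x='() { :;}; echo vulnerable' "$1" -c "echo this is a test" 2>&1) || true
    classify_output "$out"
}

# Check the bash on PATH plus any bash listed in /etc/shells
# (assumed location for additional copies, e.g. a locally built one).
scan_all() {
    {
        command -v bash
        [ -r /etc/shells ] && grep -E '/bash$' /etc/shells
    } 2>/dev/null | sort -u | while read -r b; do
        printf '%s: %s\n' "$b" "$(check_bash "$b")"
    done
}

scan_all
```

A host can carry more than one bash (distribution package plus a self-built copy), and rpm -q only reports on the packaged one, so each binary is tested directly.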