![](https://seccdn.libravatar.org/avatar/bff0c215e01f23fcee6fe49e65fae458.jpg?s=120&d=mm&r=g)
On Mon, Oct 13, 2014 at 06:38:36AM +0200, David Haller wrote:
Hello,
On Sun, 12 Oct 2014, James Knott wrote:
On 10/12/2014 03:19 PM, Brendan McKenna wrote:
The current advice on the shellshocker.net web site is to run the following:
curl https://shellshocker.net/shellshock_test.sh | bash
On a 13.1 system with bash-4.2-68.8.1.x86_64, every test results in a "not vulnerable" message....
Same here
Same here on 12.1 with the "just linked to Base:System/bash" package I build for 12.1-13.1 + Tumbleweed ...
$ rpm -q --qf '%{name}-%{version}-%{release}\n%{distribution}\n%{buildtime:date}\n' bash bash-4.2-255.1 home:dnh / openSUSE_12.1_Update_standard Mon 06 Oct 2014 10:32:03 AM CEST $ bash shellshock_test.sh CVE-2014-6271 (original shellshock): not vulnerable CVE-2014-6277 (segfault): not vulnerable CVE-2014-6278 (Florian's patch): not vulnerable CVE-2014-7169 (taviso bug): not vulnerable CVE-2014-7186 (redir_stack bug): not vulnerable CVE-2014-7187 (nested loops off by one): not vulnerable CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable
Thats because I fixed the test on shellshocker.net to detect the actual security issue "better". The actuall bash segfault (not a security issue) might still be there, but either a bash fix was pushed already or will be. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org