On 09/24/2014 04:03 PM, David C. Rankin wrote:
All,
I stumbled across the following bulletin regarding bash vulnerability:
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environmen...
What's the status of a patched version for 13.1?
Per the security blog, you can confirm that the vulnerability is closed with: $ ( env x='() { :;}; echo vulnerable' bash -c "echo this is a test" ) I just executed the test in a subshell to prevent adding the function to my current session. If you are vulnerable, you will see: vulnerable this is a test After upgrading bash you will see the vulnerability has been closed: bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org