Hello, I just updated my SuSE 13.1 system, bash to GNU bash, version 4.2.47(1)-release (x86_64-suse-linux-gnu) which is bash-4.2-68.8.1.x86_64.rpm But according to https://shellshocker.net/ I am still vulnerable to Exploit 7 (CVE-2014-6277) :
bash -c "f() { x() { _;}; x() { _;} <<a; }" 2>/dev/null || echo vulnerable Segmentation fault vulnerable
I read "Note from the SUSE Security Team This issue is already mitigated by the function hardening patch introduced in the update for CVE-2014-7169. Novell Bugzilla entries: 898664, 898762, 898812, 898884 " [ http://support.novell.com/security/cve/CVE-2014-6277.html ] which does not seem to be the correct. Any ideas when this will be fixed? BR ME -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org