Hi, The current advice on the shellshocker.net web site is to run the following: curl https://shellshocker.net/shellshock_test.sh | bash On a 13.1 system with bash-4.2-68.8.1.x86_64, every test results in a "not vulnerable" message.... Brendan On 12/10/14 19:40, Ruben Safir wrote:
Please Marcus, I'm confused.
www:~ # bash -c "f() { x() { _;}; x() { _;} <
2>/dev/null || echo vulnerable Segmentation fault vulnerable www:~ # rpm -q bash bash-4.2-61.15.1.i586
That is after doing an update
Ruben
On Fri, Oct 10, 2014 at 08:10:41AM +0200, Marcus Meissner wrote:
On Wed, Oct 08, 2014 at 08:23:42PM +0200, MarkusGMX wrote:
Hello,
I just updated my SuSE 13.1 system, bash to GNU bash, version 4.2.47(1)-release (x86_64-suse-linux-gnu) which is bash-4.2-68.8.1.x86_64.rpm
But according to https://shellshocker.net/ I am still vulnerable to Exploit 7 (CVE-2014-6277) :
bash -c "f() { x() { _;}; x() { _;} </dev/null || echo vulnerable Segmentation fault vulnerable
I read "Note from the SUSE Security Team This issue is already mitigated by the function hardening patch introduced in the update for CVE-2014-7169.
Novell Bugzilla entries: 898664, 898762, 898812, 898884 " [ http://support.novell.com/security/cve/CVE-2014-6277.html ]
which does not seem to be the correct.
Any ideas when this will be fixed?
I fixed the script on shellshocker.net.
Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org