![](https://seccdn.libravatar.org/avatar/4476605a14486ae12fc0acb6dd91665c.jpg?s=120&d=mm&r=g)
On Wed, 2014-10-08 at 20:23 +0200, MarkusGMX wrote:
Hello,
I just updated my SuSE 13.1 system, bash to GNU bash, version 4.2.47(1)-release (x86_64-suse-linux-gnu) which is bash-4.2-68.8.1.x86_64.rpm
But according to https://shellshocker.net/ I am still vulnerable to Exploit 7 (CVE-2014-6277) :
bash -c "f() { x() { _;}; x() { _;} </dev/null || echo vulnerable Segmentation fault vulnerable
I read "Note from the SUSE Security Team This issue is already mitigated by the function hardening patch introduced in the update for CVE-2014-7169.
Novell Bugzilla entries: 898664, 898762, 898812, 898884 " [ http://support.novell.com/security/cve/CVE-2014-6277.html ]
which does not seem to be the correct.
Any ideas when this will be fixed?
BR ME It's not actually vulnerable to attack, it's simply crashing. If I recall there is already a patch in the pipes coming soon.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org