Please Marcus, I'm confused.
www:~ # bash -c "f() { x() { _;}; x() { _;} <
2>/dev/null || echo vulnerable
Segmentation fault
vulnerable
www:~ # rpm -q bash
bash-4.2-61.15.1.i586 That is after doing an update
Ruben
On Fri, Oct 10, 2014 at 08:10:41AM +0200, Marcus Meissner wrote: On Wed, Oct 08, 2014 at 08:23:42PM +0200, MarkusGMX wrote: Hello, I just updated my SuSE 13.1 system, bash to
GNU bash, version 4.2.47(1)-release (x86_64-suse-linux-gnu)
which is
bash-4.2-68.8.1.x86_64.rpm But according to
https://shellshocker.net/
I am still vulnerable to
Exploit 7 (CVE-2014-6277) : bash -c "f() { x() { _;}; x() { _;} </dev/null || echo vulnerable
Segmentation fault
vulnerable I read
"Note from the SUSE Security Team
This issue is already mitigated by the function hardening patch
introduced in the update for CVE-2014-7169. Novell Bugzilla entries: 898664, 898762, 898812, 898884 "
[ http://support.novell.com/security/cve/CVE-2014-6277.html ] which does not seem to be the correct. Any ideas when this will be fixed? I fixed the script on shellshocker.net. Ciao, Marcus
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org --
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com
Being so tracked is for FARM ANIMALS and and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org