Hello, On Sun, 12 Oct 2014, James Knott wrote:
On 10/12/2014 03:19 PM, Brendan McKenna wrote:
The current advice on the shellshocker.net web site is to run the following:
curl https://shellshocker.net/shellshock_test.sh | bash
On a 13.1 system with bash-4.2-68.8.1.x86_64, every test results in a "not vulnerable" message....
Same here
Same here on 12.1 with the "just linked to Base:System/bash" package I build for 12.1-13.1 + Tumbleweed ... $ rpm -q --qf '%{name}-%{version}-%{release}\n%{distribution}\n%{buildtime:date}\n' bash bash-4.2-255.1 home:dnh / openSUSE_12.1_Update_standard Mon 06 Oct 2014 10:32:03 AM CEST $ bash shellshock_test.sh CVE-2014-6271 (original shellshock): not vulnerable CVE-2014-6277 (segfault): not vulnerable CVE-2014-6278 (Florian's patch): not vulnerable CVE-2014-7169 (taviso bug): not vulnerable CVE-2014-7186 (redir_stack bug): not vulnerable CVE-2014-7187 (nested loops off by one): not vulnerable CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable -dnh -- Sheridan: "I'll tell you one thing. If the primates that we came from had known that some day politicians would come out of the gene pool, they'd have stayed up in the trees and written evolution off as a bad idea!" -- Babylon 5, 2x04 - A Distant Star -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org