On Wed, Oct 08, 2014 at 08:23:42PM +0200, MarkusGMX wrote:
Hello,
I just updated my SuSE 13.1 system, bash to GNU bash, version 4.2.47(1)-release (x86_64-suse-linux-gnu) which is bash-4.2-68.8.1.x86_64.rpm
But according to https://shellshocker.net/ I am still vulnerable to Exploit 7 (CVE-2014-6277) :
bash -c "f() { x() { _;}; x() { _;} </dev/null || echo vulnerable Segmentation fault vulnerable
I read "Note from the SUSE Security Team This issue is already mitigated by the function hardening patch introduced in the update for CVE-2014-7169.
Novell Bugzilla entries: 898664, 898762, 898812, 898884 " [ http://support.novell.com/security/cve/CVE-2014-6277.html ]
which does not seem to be the correct.
Any ideas when this will be fixed?
I fixed the script on shellshocker.net. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org