[opensuse] Fwd: Re: [oss-security] CVE-2014-6271: remote code execution through bash
Solar Designer 09/24/14 4:34 PM >>> On Wed, Sep 24, 2014 at 11:27:09PM +0200, Hanno B??ck wrote: Tavis Ormandy just tweetet this: https://twitter.com/taviso/status/514887394294652929
The bash patch seems incomplete to me, function parsing is still brittle. e.g. $ env X='() { (a)=>\' sh -c "echo date"; cat echo
Thanks for bringing this to oss-security. I've added CC to Chet and Tavis on this "reply".
Alexander
Will the oS versions include fixes for stuff like this, since it sounds like the official BASH patch isn't finished yet? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, Sep 24, 2014 at 04:41:45PM -0500, Christopher Myers wrote:
Solar Designer 09/24/14 4:34 PM >>> On Wed, Sep 24, 2014 at 11:27:09PM +0200, Hanno B??ck wrote: Tavis Ormandy just tweetet this: https://twitter.com/taviso/status/514887394294652929
The bash patch seems incomplete to me, function parsing is still brittle. e.g. $ env X='() { (a)=>\' sh -c "echo date"; cat echo
Thanks for bringing this to oss-security. I've added CC to Chet and Tavis on this "reply".
Alexander
Will the oS versions include fixes for stuff like this, since it sounds like the official BASH patch isn't finished yet?
So far not, but we will of course release incremental updates if necessary. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (2)
-
Christopher Myers -
Marcus Meissner