[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bash 2.05b patch for 896776 - (CVE-2014-6271) ?
|
From: |
Chet Ramey |
|
Subject: |
Re: Bash 2.05b patch for 896776 - (CVE-2014-6271) ? |
|
Date: |
Fri, 26 Sep 2014 10:47:21 -0400 |
|
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 |
On 9/26/14, 4:53 AM, Jean-Christian de Rivaz wrote:
> Hello,
>
> While this can seem completely obsolete, I still have machines running bash
> 2.05b (Debian etch). I worry about upgrading to bash 3.x because of some
> backward compatibility issue.
> It there any reason why there was no patch for bash 2.05b ? The test
> command below show that the bug also affect this version:
>
> j$ bash --version
> GNU bash, version 2.05b.0(1)-release (i386-pc-linux-gnu)
> Copyright (C) 2002 Free Software Foundation, Inc.
> j$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> vulnerable
> this is a test
Here's one. Two, actually, one for each CVE.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/
bash205b-008
Description: Text document
bash205b-009
Description: Text document