[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bash-2.05b-013 appears to not work

From: Eric Blake
Subject: Re: bash-2.05b-013 appears to not work
Date: Thu, 16 Oct 2014 19:59:48 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.1

On 10/16/2014 03:02 PM, Dave Kalaluhi wrote:
> We have been compiling some of the older versions of bash to fix
> vulnerabilities, and for the most, has been working.
> However, when we patch the 013 patch for CVE-2014-7187, and run the
> nested loop, it's still showing as vulnerable.

Exactly HOW are you testing?

> Has anyone else had a similiar experience?

Reading the archives, I see other people using an invalid test for


Remember, a parser bug is not necessarily an exploitable vulnerability.
 It is sufficient to know that bash cannot be exploited once you apply
patch 10 (all 6 CVEs were neutralized by that one patch, as well as any
other as-yet-unreported parser bugs).

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]