ltib
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ltib] patch for Bash bug

From: Peter Barada
Subject: Re: [Ltib] patch for Bash bug
Date: Wed, 1 Oct 2014 10:02:12 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.1
On 09/30/2014 05:18 PM, Peter Barada wrote:
On 09/30/2014 04:06 PM, Todd Sampson wrote:
Is there a patch available for Bash? I notice most of the tools in my /bin are linked to Busybox except for Bash.


_______________________________________________
LTIB home page: http://ltib.org

Ltib mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/ltib
I've got one I'll send out tomorrow as a tarball (since it kicks bash up to the latest version with patches 001-025).

Since I can't send the bash tarball through email due to size, grab the bash-4.3 tarball from http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz and place it (and the attached patch and md5 files) in your LPP (local package pool in /opt/ltib/pkgs), and also replace dist/lfs-5.1/bash/bash.spec with the attached bash.spec.

Execute "./ltib -p bash" and you'll end up with bash updated to version 4.3.25(1) which passes the Shellshock bug test:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

See http://www.kb.cert.org/vuls/id/252743 for information on the Shellshock bug.


-- 
Peter Barada
address@hidden

Attachment: bash-4.3.tar.gz.md5
Description: application/md5

Attachment: bash-4.3-001-025.patch.md5
Description: application/md5

Attachment: bash-4.3-001-025.patch
Description: Text Data

Attachment: bash.spec
Description: Text Data

reply via email to
[Prev in Thread] Current Thread [Next in Thread]