bug-bash

Re: Bash 2.05b patch for 896776 - (CVE-2014-6271) ?


From: Jean-Christian de Rivaz
Subject: Re: Bash 2.05b patch for 896776 - (CVE-2014-6271) ?
Date: Fri, 26 Sep 2014 17:26:23 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.7.0

On 26. 09. 14 16:47, Chet Ramey wrote:
> On 9/26/14, 4:53 AM, Jean-Christian de Rivaz wrote:
>> Hello,
>>
>> While this can seem completely obsolete, I still have machines running bash
>> 2.05b (Debian etch). I worry about upgrading to bash 3.x because of some
>> backward compatibility issue.
>> Is there any reason why there was no patch for bash 2.05b? The test
>> command below shows that the bug also affects this version:
>>
>> j$ bash --version
>> GNU bash, version 2.05b.0(1)-release (i386-pc-linux-gnu)
>> Copyright (C) 2002 Free Software Foundation, Inc.
>> j$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>> vulnerable
>> this is a test
> Here's one.  Two, actually, one for each CVE.

Hi Chet,

Applied without problem and they fixed the issues, as far as I can test it.

$ bash --version
GNU bash, version 2.05b.0(1)-release (i386-pc-linux-gnu)
Copyright (C) 2002 Free Software Foundation, Inc.
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Thank you very much for those patches :-)

Best Regards,

Jean-Christian
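
As an added example (not part of the original message or of the bash patches), the probe quoted above can be wrapped in a POSIX shell script that classifies each bash binary on a host. The function names are chosen for this example, and it covers only the CVE-2014-6271 probe shown in the message, not the second CVE Chet mentions.

```shell
#!/bin/sh
# Added example: audit bash binaries with the CVE-2014-6271 probe quoted above.
# Function names are assumptions of this example; the probe command and the
# strings it matches are the ones shown in the message.

# Classify probe output. Prints: vulnerable | patched | unaffected | error
classify_probe_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        # The command trailing the function body was executed on import.
        echo vulnerable
    elif printf '%s\n' "$1" | grep -q 'ignoring function definition attempt'; then
        # Warning printed by the patched 2.05b in the message.
        echo patched
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        # The shell ran the command and reported no import attempt.
        echo unaffected
    else
        # The probe did not run to completion; the result is unknown.
        echo error
    fi
}

# Run the probe against one binary, starting from an empty environment so
# that nothing inherited from the caller influences the result.
check_bash() {
    [ -x "$1" ] || { echo error; return 0; }
    out=$(env -i x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>&1) || true
    classify_probe_output "$out"
}

# Usage: sh check-bash.sh /bin/bash /usr/local/bin/bash ...
for b in "$@"; do
    printf '%s: %s\n' "$b" "$(check_bash "$b")"
done
```

Pass every installed bash path, since a host can carry more than one copy (for example a statically linked rescue shell next to the packaged one).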


