On 09/24/2014 03:56 PM, Patrick O'Callaghan wrote: > http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/ > > From the article: > > The vulnerability affects versions 1.14 through 4.3 of GNU Bash. [...] > To check your system, from a command line, type: > > env x='() { :;}; echo vulnerable' bash -c "echo this is a test" > > If the system is vulnerable, the output will be: > > vulnerable > this is a test > > An unaffected (or patched) system will output: > > $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" > bash: warning: x: ignoring function definition attempt > bash: error importing function definition for `x' > this is a test > > I tried it and got the positive (vulnerable) result. > > Can we assume a patched version of Bash will be released shortly? > > poc > Where can I get the official patches for: CVE-2014-6271 CVE-2014-7169 and once I get these patches, how can I add the details into the bash spec file? Once I get the information, I should be ready to go. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
