* [gentoo-hardened] Bash in Gentoo is vulnerable.
@ 2014-09-25 0:14 Jacek
2014-09-25 0:15 ` Alex Xu
2014-09-25 2:01 ` Michael Orlitzky
0 siblings, 2 replies; 5+ messages in thread
From: Jacek @ 2014-09-25 0:14 UTC (permalink / raw
To: gentoo-hardened; +Cc: polynomial-c
[-- Attachment #1.1: Type: text/plain, Size: 240 bytes --]
Bash in Gentoo (app-shells/bash-4.2_p45) is vulnerable to this threat:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6271
Simple test:
|$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"|
Cheers
;-)
[-- Attachment #1.2: Type: text/html, Size: 993 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 213 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-hardened] Bash in Gentoo is vulnerable.
2014-09-25 0:14 [gentoo-hardened] Bash in Gentoo is vulnerable Jacek
@ 2014-09-25 0:15 ` Alex Xu
2014-09-25 0:29 ` Jacek
2014-09-25 2:01 ` Michael Orlitzky
1 sibling, 1 reply; 5+ messages in thread
From: Alex Xu @ 2014-09-25 0:15 UTC (permalink / raw
To: gentoo-hardened
[-- Attachment #1: Type: text/plain, Size: 345 bytes --]
On 24/09/14 08:14 PM, Jacek wrote:
> Bash in Gentoo (app-shells/bash-4.2_p45) is vulnerable to this threat:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6271
>
>
> Simple test:
>
> |$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"|
>
>
> Cheers
> ;-)
>
yer about 17 hours late on the uptake
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-hardened] Bash in Gentoo is vulnerable.
2014-09-25 0:15 ` Alex Xu
@ 2014-09-25 0:29 ` Jacek
0 siblings, 0 replies; 5+ messages in thread
From: Jacek @ 2014-09-25 0:29 UTC (permalink / raw
To: gentoo-hardened
[-- Attachment #1: Type: text/plain, Size: 414 bytes --]
W dniu 25.09.2014 o 02:15, Alex Xu pisze:
> On 24/09/14 08:14 PM, Jacek wrote:
>> Bash in Gentoo (app-shells/bash-4.2_p45) is vulnerable to this threat:
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6271
>>
>>
>> Simple test:
>>
>> |$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"|
>>
>>
>> Cheers
>> ;-)
>>
> yer about 17 hours late on the uptake
>
Thanks
;_)
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 213 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-hardened] Bash in Gentoo is vulnerable.
2014-09-25 0:14 [gentoo-hardened] Bash in Gentoo is vulnerable Jacek
2014-09-25 0:15 ` Alex Xu
@ 2014-09-25 2:01 ` Michael Orlitzky
2014-09-25 5:13 ` Kerin Millar
1 sibling, 1 reply; 5+ messages in thread
From: Michael Orlitzky @ 2014-09-25 2:01 UTC (permalink / raw
To: gentoo-hardened
On 09/24/2014 08:14 PM, Jacek wrote:
> Bash in Gentoo (app-shells/bash-4.2_p45) is vulnerable to this threat:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6271
>
Already fixed:
https://bugs.gentoo.org/show_bug.cgi?id=523592
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-hardened] Bash in Gentoo is vulnerable.
2014-09-25 2:01 ` Michael Orlitzky
@ 2014-09-25 5:13 ` Kerin Millar
0 siblings, 0 replies; 5+ messages in thread
From: Kerin Millar @ 2014-09-25 5:13 UTC (permalink / raw
To: gentoo-hardened
On 25/09/2014 03:01, Michael Orlitzky wrote:
> On 09/24/2014 08:14 PM, Jacek wrote:
>> Bash in Gentoo (app-shells/bash-4.2_p45) is vulnerable to this threat:
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6271
>>
>
> Already fixed:
>
> https://bugs.gentoo.org/show_bug.cgi?id=523592
It isn't fixed until such time as CVE-2014-7169 is addressed. I've
updated the above mentioned bug with further information.
--Kerin
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-09-25 5:13 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-09-25 0:14 [gentoo-hardened] Bash in Gentoo is vulnerable Jacek
2014-09-25 0:15 ` Alex Xu
2014-09-25 0:29 ` Jacek
2014-09-25 2:01 ` Michael Orlitzky
2014-09-25 5:13 ` Kerin Millar
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox