* [gentoo-hardened] Bash in Gentoo is vulnerable.
@ 2014-09-25 0:14 Jacek
2014-09-25 0:15 ` Alex Xu
2014-09-25 2:01 ` Michael Orlitzky
0 siblings, 2 replies; 5+ messages in thread
From: Jacek @ 2014-09-25 0:14 UTC (permalink / raw
To: gentoo-hardened; +Cc: polynomial-c
[-- Attachment #1.1: Type: text/plain, Size: 240 bytes --]
Bash in Gentoo (app-shells/bash-4.2_p45) is vulnerable to this threat:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6271
Simple test:
|$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"|
Cheers
;-)
[-- Attachment #1.2: Type: text/html, Size: 993 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 213 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [gentoo-hardened] Bash in Gentoo is vulnerable. 2014-09-25 0:14 [gentoo-hardened] Bash in Gentoo is vulnerable Jacek @ 2014-09-25 0:15 ` Alex Xu 2014-09-25 0:29 ` Jacek 2014-09-25 2:01 ` Michael Orlitzky 1 sibling, 1 reply; 5+ messages in thread From: Alex Xu @ 2014-09-25 0:15 UTC (permalink / raw To: gentoo-hardened [-- Attachment #1: Type: text/plain, Size: 345 bytes --] On 24/09/14 08:14 PM, Jacek wrote: > Bash in Gentoo (app-shells/bash-4.2_p45) is vulnerable to this threat: > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6271 > > > Simple test: > > |$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"| > > > Cheers > ;-) > yer about 17 hours late on the uptake [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 819 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-hardened] Bash in Gentoo is vulnerable. 2014-09-25 0:15 ` Alex Xu @ 2014-09-25 0:29 ` Jacek 0 siblings, 0 replies; 5+ messages in thread From: Jacek @ 2014-09-25 0:29 UTC (permalink / raw To: gentoo-hardened [-- Attachment #1: Type: text/plain, Size: 414 bytes --] W dniu 25.09.2014 o 02:15, Alex Xu pisze: > On 24/09/14 08:14 PM, Jacek wrote: >> Bash in Gentoo (app-shells/bash-4.2_p45) is vulnerable to this threat: >> >> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6271 >> >> >> Simple test: >> >> |$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"| >> >> >> Cheers >> ;-) >> > yer about 17 hours late on the uptake > Thanks ;_) [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 213 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-hardened] Bash in Gentoo is vulnerable. 2014-09-25 0:14 [gentoo-hardened] Bash in Gentoo is vulnerable Jacek 2014-09-25 0:15 ` Alex Xu @ 2014-09-25 2:01 ` Michael Orlitzky 2014-09-25 5:13 ` Kerin Millar 1 sibling, 1 reply; 5+ messages in thread From: Michael Orlitzky @ 2014-09-25 2:01 UTC (permalink / raw To: gentoo-hardened On 09/24/2014 08:14 PM, Jacek wrote: > Bash in Gentoo (app-shells/bash-4.2_p45) is vulnerable to this threat: > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6271 > Already fixed: https://bugs.gentoo.org/show_bug.cgi?id=523592 ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-hardened] Bash in Gentoo is vulnerable. 2014-09-25 2:01 ` Michael Orlitzky @ 2014-09-25 5:13 ` Kerin Millar 0 siblings, 0 replies; 5+ messages in thread From: Kerin Millar @ 2014-09-25 5:13 UTC (permalink / raw To: gentoo-hardened On 25/09/2014 03:01, Michael Orlitzky wrote: > On 09/24/2014 08:14 PM, Jacek wrote: >> Bash in Gentoo (app-shells/bash-4.2_p45) is vulnerable to this threat: >> >> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6271 >> > > Already fixed: > > https://bugs.gentoo.org/show_bug.cgi?id=523592 It isn't fixed until such time as CVE-2014-7169 is addressed. I've updated the above mentioned bug with further information. --Kerin ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-09-25 5:13 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2014-09-25 0:14 [gentoo-hardened] Bash in Gentoo is vulnerable Jacek 2014-09-25 0:15 ` Alex Xu 2014-09-25 0:29 ` Jacek 2014-09-25 2:01 ` Michael Orlitzky 2014-09-25 5:13 ` Kerin Millar
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox