oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE-2014-6271: remote code execution through bash

From: Solar Designer <solar () openwall com>
Date: Thu, 25 Sep 2014 02:27:06 +0400
On Wed, Sep 24, 2014 at 12:08:46PM -0400, Chet Ramey wrote:

On 9/24/14, 11:16 AM, Solar Designer wrote:


I see no good workaround. 


You're correct; there is not a good workaround.  Since there are publicly
available patches for all bash versions back 15 years or so, though, the
best path forward is to apply those as quickly as possible.


Thank You for providing those patches!  It is rare for an upstream
author to provide security fix backports going this far back, and it is
really helpful in this case.

Alexander
Previous By Date Next
Previous By Thread Next

Current thread: