oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE-2014-6271: remote code execution through bash

From: Alexandre Dulaunoy <a () foo be>
Date: Thu, 25 Sep 2014 20:48:25 +0200
On Thu, Sep 25, 2014 at 8:35 PM, Chet Ramey <chet.ramey () case edu> wrote:


On 09/25/2014 08:31 AM, Chet Ramey wrote:



Wondering if you saw
http://www.openwall.com/lists/oss-security/2014/09/24/40 ?


The (one-line) patch I sent last night appears to fix this.  Please verify.


Indeed, we tested the yacc fix along with bash43-025 on different systems.

Applying bash43-025 and eol-pushback.patch fixed it.

We made some notes there for the people upgrading from the source:

http://www.circl.lu/pub/tr-27/#recommendations

Feedback welcome.

-- 
--                   Alexandre Dulaunoy (adulau) -- http://www.foo.be/
--
--         "Knowledge can create problems, it is not through ignorance
--                                that we can solve them" Isaac Asimov
Previous By Date Next
Previous By Thread Next

Current thread: