LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Linux From Scratch
Reload this Page [SECURITY NOTICE!] Bash 4.3 (shellshock, CVE-2014-6271 and CVE-2014-7169)
User Name
Password
Linux From Scratch This Forum is for the discussion of LFS.
LFS is a project that provides you with the steps necessary to build your own custom Linux system.

Notices


Reply
  Search this Thread
Old 09-26-2014, 02:52 PM   #1
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-15.0 Multilib
Posts: 6,558
Blog Entries: 15

Rep: Reputation: 2097Reputation: 2097Reputation: 2097Reputation: 2097Reputation: 2097Reputation: 2097Reputation: 2097Reputation: 2097Reputation: 2097Reputation: 2097Reputation: 2097
Exclamation [SECURITY NOTICE!] Bash 4.3 (shellshock, CVE-2014-6271 and CVE-2014-7169)

This patch is for all current LFS builds - sysvinit and systemd:

Quote:
There is a critical bug (shellshock, CVE-2014-6271 and CVE-2014-7169) than needs to be fixed in bash. All users should update their current version of bash according to the instructions at:

http://www.linuxfromscratch.org/lfs/...er06/bash.html

http://www.linuxfromscratch.org/lfs/...er06/bash.html

Note1: The suffix in bash-4.3-upstream_fixes-4.patch has changed.

Note2: Older installations of bash versions before 4.3 may also need to also install readline-6.3.
 
Old 09-27-2014, 08:59 AM   #2
corbis_demon
Member
 
Registered: Jun 2004
Distribution: CLFS
Posts: 523

Rep: Reputation: 38
This is good news, but I came across this article which seems to suggests that bash is still vulnerable. But really, is it? Some insight would be helpful.
 
Old 09-28-2014, 06:47 AM   #3
Keith Hedger
Senior Member
 
Registered: Jun 2010
Location: Wiltshire, UK
Distribution: Void, Linux From Scratch, Slackware64
Posts: 3,152

Rep: Reputation: 856Reputation: 856Reputation: 856Reputation: 856Reputation: 856Reputation: 856Reputation: 856
If you want to check if your bash is vulnerable try this code:
Code:
keithhedger@LFSStarBug:~-> export x='() { :;}; echo You are vulnerable'
keithhedger@LFSStarBug:~-> bash -c "echo test"
You are vulnerable
test
After updating
Code:
keithhedger@LFSStarBug:~-> export x='() { :;}; echo You are vulnerable'
keithhedger@LFSStarBug:~-> bash -c "echo test"
test
If you are updating to bash-4.3 you also have to update readline to 6.3
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Bash "shellshock" CVE-2014-6271 CVE-2014-7169 - Apache2 Fail2ban Filter charly78 Linux - Security 12 10-25-2014 11:36 AM
Bash "shellshock" CVE-2014-6271 CVE-2014-7169 - rated 10 ! syg00 Linux - Security 81 10-15-2014 02:11 PM
LXer: Shellshock update: bash packages that resolve CVE-2014-6271 and CVE-2014-7169 available LXer Syndicated Linux News 1 09-26-2014 01:43 PM
Bash "shellshock" CVE-2014-6271 CVE-2014-7169 - legacy system patch help Diggy Linux - Security 3 09-26-2014 01:06 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Linux From Scratch

All times are GMT -5. The time now is 10:19 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration