
Hi,

On 2/10/2014 7:22 AM, John Mann wrote:
On 2 October 2014 00:22, Douglas Ray <dougray@cpan.org> wrote:
... The only system with a real compromise was OS-X, the /bin/sh being a bash.
Apple have released an updated version of bash http://support.apple.com/kb/HT1222 http://support.apple.com/kb/HT6495 http://support.apple.com/kb/DL1769 ...
But: a) only first 2 CVEs are fixed.
Thanks, I was working on an email earlier -- I'll send that soon, just want to test if the /normal/ software update process will find the update by itself yet.... I've downloaded the dmg file to install it if it doesn't do so itself.
$ bash --version
GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
Copyright (C) 2007 Free Software Foundation, Inc.

$ env '__BASH_FUNC<ls>()'="() { echo Game Over; }" /bin/sh -c ls
Game Over
b) the security fix is not pushed to all Macs by default.
Dumb, it should be.... it's only tiny, it won't hurt to fix it for everyone -- but it is *Apple*, what can we expect; they've screwed up all the iOS 8 updates so far :( -- glad I don't rely on them! I wonder if I'll ever pull the trigger on an iPhone one day, probably not, but who knows.

Cheers A.