bash 4.3.29 released on savannah.gnu.org/projects/bash/ (= "4.3.28" + 3 line patch) Fixes previously cited bugs. Douglas On 2/10/14 11:46 PM, Douglas Ray wrote:
On 2/10/14 8:42 AM, Sam Varghese wrote:
Fixes for older versions of OS X are available here:
http://tenfourfox.blogspot.com.au/2014/09/bashing-bash-one-more-time-updated...
Sam _______________________________________________ luv-main mailing list luv-main@luv.asn.au http://lists.luv.asn.au/listinfo/luv-main
That claims to be an update for CVE-2014-7186 CVE-2014-7187
The version number "4.3.28" is unofficial (not on savannah.gnu.org at time of writing).
The two CVEs cite http://openwall.com/lists/oss-security/2014/09/25/32 http://openwall.com/lists/oss-security/2014/09/26/2 http://openwall.com/lists/oss-security/2014/09/28/10 for example bug demo, patches and discussion.
Those discussions note that these "out by one" bugs are not remotely accessible in the current (official) 4.3.27.
Douglas _______________________________________________ luv-main mailing list luv-main@luv.asn.au http://lists.luv.asn.au/listinfo/luv-main