Re: bash 4.3.27 available [Was: bash "Shell Shock" vulnerability]

On 2/10/14 8:42 AM, Sam Varghese wrote:
> Fixes for older versions of OS X are available here:
> http://tenfourfox.blogspot.com.au/2014/09/bashing-bash-one-more-time-updated...
>
> Sam
> _______________________________________________
> luv-main mailing list
> luv-main@luv.asn.au
> http://lists.luv.asn.au/listinfo/luv-main

That claims to be an update for
CVE-2014-7186
CVE-2014-7187

The version number "4.3.28" is unofficial (not on savannah.gnu.org at time of writing).

The two CVEs cite
http://openwall.com/lists/oss-security/2014/09/25/32
http://openwall.com/lists/oss-security/2014/09/26/2
http://openwall.com/lists/oss-security/2014/09/28/10
for example bug demo, patches and discussion.

Those discussions note that these "out by one" bugs are not remotely accessible in the current (official) 4.3.27.

Douglas

bash 4.3.29 released on savannah.gnu.org/projects/bash/
(= "4.3.28" + 3 line patch)

Fixes previously cited bugs.

Douglas

On 2/10/14 11:46 PM, Douglas Ray wrote:
> On 2/10/14 8:42 AM, Sam Varghese wrote:
>> Fixes for older versions of OS X are available here:
>> http://tenfourfox.blogspot.com.au/2014/09/bashing-bash-one-more-time-updated...
>>
>> Sam
>
> That claims to be an update for
> CVE-2014-7186
> CVE-2014-7187
>
> The version number "4.3.28" is unofficial (not on savannah.gnu.org at time of writing).
>
> The two CVEs cite
> http://openwall.com/lists/oss-security/2014/09/25/32
> http://openwall.com/lists/oss-security/2014/09/26/2
> http://openwall.com/lists/oss-security/2014/09/28/10
> for example bug demo, patches and discussion.
>
> Those discussions note that these "out by one" bugs are not remotely accessible in the current (official) 4.3.27.
>
> Douglas