[Bug 1373781] Re: bash incomplete fix for CVE-2014-6271
dino99
1373781 at bugs.launchpad.net
Fri Sep 26 15:38:56 UTC 2014
@Marc
its only a feedback, and i only see that warning.
if you think its ok, i'm ok too (no skill on my side for commenting)
as i've reported an other bug about that 'warning' thing, i'm closing it
too.
Thanks for the answer
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1373781
Title:
bash incomplete fix for CVE-2014-6271
Status in “bash” package in Ubuntu:
Fix Released
Status in “bash” source package in Lucid:
Fix Released
Status in “bash” source package in Precise:
Fix Released
Status in “bash” source package in Trusty:
Fix Released
Status in “bash” source package in Utopic:
Fix Released
Bug description:
The fixes for CVE-2014-6271 do NOT work! Security vuln, but should be
public, this is known already.
Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.1
Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.2
Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.1
Testcase:
rm -f echo && env -i X='() { (a)=>\' bash -c 'echo id'; cat echo
expected output:
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
id
actual output:
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
uid=0(root) gid=0(root) groups=0(root)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions
More information about the foundations-bugs
mailing list