Bash security bug

Project:Trisquel
Version:7.0
Component:Programs
Category:bug report
Priority:critical
Assigned:Unassigned
Status:closed
Description

A bug in GNU Bash had been discovered that allows an attacker to execute arbitrary code.

To test if a system is volunarable execute:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

Volunarable system will return

vulnerable
this is a test

Secure system will return:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Debian 7 has already been patched.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/

Thu, 09/25/2014 - 12:15

Will we be getting a patch soon?
Anyone know?

Thu, 09/25/2014 - 16:18

There is a related issue: https://trisquel.info/en/issues/12244

Thu, 09/25/2014 - 17:52
Status:active» fixed

Fixed in package 4.2-2ubuntu2.2+6.0.1trisquel1

Thu, 09/25/2014 - 20:28
Version:6.0» 7.0
Status:fixed» active

Trisquel 7.0 is still vulnerable

Sat, 09/27/2014 - 08:10

Trisquel 7 is still in development and is not officially supported at this time. If you wish a stable and secure system please stick with version 6 until 7 is released and official support begins. Otherwise please remember that you are using an unsupported Trisquel version. If you'd like to try it out and help make it better by reporting bugs and such, thanks! However, timely updates for unsupported versions should not be expected.

Tue, 09/30/2014 - 21:58

Fixed, please change the bug status.

Wed, 10/15/2014 - 20:13
Status:active» fixed
Wed, 10/29/2014 - 20:15
Status:fixed» closed

Automatically closed -- issue fixed for 2 weeks with no activity.