Bash security bug

Category:bug report

A bug in GNU Bash had been discovered that allows an attacker to execute arbitrary code.

To test if a system is volunarable execute:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

Volunarable system will return

this is a test

Secure system will return:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Debian 7 has already been patched.

Thu, 09/25/2014 - 13:15

Will we be getting a patch soon?
Anyone know?

Thu, 09/25/2014 - 17:18

There is a related issue:

Thu, 09/25/2014 - 18:52
Status:active» fixed

Fixed in package 4.2-2ubuntu2.2+6.0.1trisquel1

Thu, 09/25/2014 - 21:28
Version:6.0» 7.0
Status:fixed» active

Trisquel 7.0 is still vulnerable

Sat, 09/27/2014 - 09:10

Trisquel 7 is still in development and is not officially supported at this time. If you wish a stable and secure system please stick with version 6 until 7 is released and official support begins. Otherwise please remember that you are using an unsupported Trisquel version. If you'd like to try it out and help make it better by reporting bugs and such, thanks! However, timely updates for unsupported versions should not be expected.

Tue, 09/30/2014 - 22:58

Fixed, please change the bug status.

Wed, 10/15/2014 - 21:13
Status:active» fixed
Wed, 10/29/2014 - 21:15
Status:fixed» closed

Automatically closed -- issue fixed for 2 weeks with no activity.