Bash security bug

Project: Trisquel
Version: 7.0
Component: Programs
Category: bug report
Priority: critical
Assigned: Unassigned
Status: closed
Description

A bug in GNU Bash has been discovered that allows an attacker to execute arbitrary code.

To test if a system is vulnerable, execute:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

A vulnerable system will return:

vulnerable
this is a test

A secure system will return:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Debian 7 has already been patched.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/
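
An added example, not part of the original report: a shell wrapper that runs the probe above against a given bash binary and classifies the result by the marker line on stdout, since the warnings shown for the secure case go to stderr. The function names, the `MARKER` variable and the sample strings are hypothetical or constructed for this illustration.

```shell
# Added example: classify a shell's response to the probe from this report.
# MARKER and the function names are hypothetical, not from the original post.
MARKER="vulnerable"

# classify_probe_output STDOUT_TEXT
# Prints "vulnerable" if the injected echo ran (the marker appears as a whole
# line on stdout), "patched" otherwise.
classify_probe_output() {
    if printf '%s\n' "$1" | grep -qx "$MARKER"; then
        echo vulnerable
    else
        echo patched
    fi
}

# probe_bash [PATH_TO_BASH]
# Runs the probe against one bash binary and classifies its stdout.
# Usage: probe_bash /bin/bash
probe_bash() {
    shell_path="${1:-bash}"
    if ! command -v "$shell_path" >/dev/null 2>&1; then
        echo "not-found"
        return 2
    fi
    # stderr is discarded: the "ignoring function definition attempt"
    # warnings are not needed to decide the result.
    out=$(env x="() { :;}; echo $MARKER" "$shell_path" -c 'echo this is a test' 2>/dev/null)
    classify_probe_output "$out"
}

# Constructed sample stdout for the two cases described in the report.
SAMPLE_VULNERABLE='vulnerable
this is a test'
SAMPLE_PATCHED='this is a test'
```

Running `probe_bash` once per installed bash binary (for example a system copy and a locally built one) shows whether any unpatched copy remains after the package update.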

Thu, 09/25/2014 - 12:15

Will we be getting a patch soon?
Anyone know?

Thu, 09/25/2014 - 16:18

There is a related issue: https://trisquel.info/en/issues/12244

Thu, 09/25/2014 - 17:52
Status: active » fixed

Fixed in package 4.2-2ubuntu2.2+6.0.1trisquel1

Thu, 09/25/2014 - 20:28
Version: 6.0 » 7.0
Status: fixed » active

Trisquel 7.0 is still vulnerable

Sat, 09/27/2014 - 08:10

Trisquel 7 is still in development and is not officially supported at this time. If you wish a stable and secure system please stick with version 6 until 7 is released and official support begins. Otherwise please remember that you are using an unsupported Trisquel version. If you'd like to try it out and help make it better by reporting bugs and such, thanks! However, timely updates for unsupported versions should not be expected.

Tue, 09/30/2014 - 21:58

Fixed, please change the bug status.

Wed, 10/15/2014 - 20:13
Status: active » fixed

Wed, 10/29/2014 - 20:15
Status: fixed » closed

Automatically closed -- issue fixed for 2 weeks with no activity.