Accueil
Soumis par ivaylo le jeu, 09/25/2014 - 12:59

Bash security bug

A bug in GNU Bash had been discovered that allows an attacker to execute arbitrary code.

To test if a system is volunarable execute:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

Volunarable system will return

vulnerable
this is a test

Secure system will return:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Debian 7 has already been patched.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/

quidam:
mer, 10/29/2014 - 21:15

Automatically closed -- issue fixed for 2 weeks with no activity.

SirGrant:
mer, 10/15/2014 - 21:13
Legimet:
mar, 09/30/2014 - 22:58

Fixed, please change the bug status.

jxself:
sam, 09/27/2014 - 09:10

Trisquel 7 is still in development and is not officially supported at this time. If you wish a stable and secure system please stick with version 6 until 7 is released and official support begins. Otherwise please remember that you are using an unsupported Trisquel version. If you'd like to try it out and help make it better by reporting bugs and such, thanks! However, timely updates for unsupported versions should not be expected.

Mampir:
jeu, 09/25/2014 - 21:28

Trisquel 7.0 is still vulnerable

david:
jeu, 09/25/2014 - 18:52

Fixed in package 4.2-2ubuntu2.2+6.0.1trisquel1

Mzee:
jeu, 09/25/2014 - 17:18

There is a related issue: https://trisquel.info/en/issues/12244

grave_123:
jeu, 09/25/2014 - 13:15

Will we be getting a patch soon?
Anyone know?