Quoting gvim <[email protected]>:
There's a second vulnerability that escapes the first bug patch. env X="() { (a)=>\\" bash -c '/dev/stdout date' If this prints the date, you still have a hole where bash can write content to arbitrary files. ( And this trick somehow makes it write the date to /dev/stdout. )Kreist, I'm up **it Creek after all :(
Your distro almost certainly has a second patch already available. Just update your installed package.
This article seems pretty good: http://perltricks.com/article/115/2014/9/26/Shellshock-and-Perl Dave...
