Re: Bash-4.3 Official Patch 26
On 9/26/14, 8:58 PM, Nathan McGarvey wrote: > Pardon my catching up. This (and all the other related patches for > other past versions) is to remedy CVE-2014-7169 and CVE-2014-6271 was > remedied by the previous Patch 25 (and related set for all other versions.) > Is this correct? Or are there still outstanding issues? You should install patch 27, which closes all known remote attack vectors. -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, ITS, CWRUc...@case.eduhttp://cnswww.cns.cwru.edu/~chet/
Re: Bash-4.3 Official Patch 26
On 09/26/2014 06:58 PM, Nathan McGarvey wrote: > Pardon my catching up. This (and all the other related patches for > other past versions) is to remedy CVE-2014-7169 and CVE-2014-6271 was > remedied by the previous Patch 25 (and related set for all other > versions.) Is this correct? Or are there still outstanding issues? If _all_ you apply is patch 25 and 26, then you are STILL vulnerable to ShellShock (we know of at least CVE-2014-7186 and CVE-2014-7187 that are also ShellShock attack points, and there are probably more). For a more comprehensive read, see: https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00238.html -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature
Re: Bash-4.3 Official Patch 26
Pardon my catching up. This (and all the other related patches for other past versions) is to remedy CVE-2014-7169 and CVE-2014-6271 was remedied by the previous Patch 25 (and related set for all other versions.) Is this correct? Or are there still outstanding issues? -Nathan On 09/26/2014 05:17 PM, Chet Ramey wrote: BASH PATCH REPORT = Bash-Release: 4.3 Patch-ID: bash43-026 Bug-Reported-by:Tavis Ormandy Bug-Reference-ID: Bug-Reference-URL: http://twitter.com/taviso/statuses/514887394294652929 Bug-Description: Under certain circumstances, bash can incorrectly save a lookahead character and return it on a subsequent call, even when reading a new line. Patch (apply with `patch -p0'): *** ../bash-4.3.25/parse.y 2014-07-30 10:14:31.0 -0400 --- parse.y 2014-09-25 20:20:21.0 -0400 *** *** 2954,2957 --- 2954,2959 word_desc_to_read = (WORD_DESC *)NULL; + eol_ungetc_lookahead = 0; + current_token = '\n'; /* XXX */ last_read_token = '\n'; *** ../bash-4.3.25/y.tab.c 2014-07-30 10:14:32.0 -0400 --- y.tab.c 2014-09-25 20:21:48.0 -0400 *** *** 5266,5269 --- 5266,5271 word_desc_to_read = (WORD_DESC *)NULL; + eol_ungetc_lookahead = 0; + current_token = '\n'; /* XXX */ last_read_token = '\n'; *** *** 8540,8542 } #endif /* HANDLE_MULTIBYTE */ - --- 8542,8543 *** ../bash-4.3/patchlevel.h2012-12-29 10:47:57.0 -0500 --- patchlevel.h2014-03-20 20:01:28.0 -0400 *** *** 26,30 looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 25 #endif /* _PATCHLEVEL_H_ */ --- 26,30 looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 26 #endif /* _PATCHLEVEL_H_ */
Bash-4.3 Official Patch 26
BASH PATCH REPORT = Bash-Release: 4.3 Patch-ID: bash43-026 Bug-Reported-by:Tavis Ormandy Bug-Reference-ID: Bug-Reference-URL: http://twitter.com/taviso/statuses/514887394294652929 Bug-Description: Under certain circumstances, bash can incorrectly save a lookahead character and return it on a subsequent call, even when reading a new line. Patch (apply with `patch -p0'): *** ../bash-4.3.25/parse.y 2014-07-30 10:14:31.0 -0400 --- parse.y 2014-09-25 20:20:21.0 -0400 *** *** 2954,2957 --- 2954,2959 word_desc_to_read = (WORD_DESC *)NULL; + eol_ungetc_lookahead = 0; + current_token = '\n'; /* XXX */ last_read_token = '\n'; *** ../bash-4.3.25/y.tab.c 2014-07-30 10:14:32.0 -0400 --- y.tab.c 2014-09-25 20:21:48.0 -0400 *** *** 5266,5269 --- 5266,5271 word_desc_to_read = (WORD_DESC *)NULL; + eol_ungetc_lookahead = 0; + current_token = '\n'; /* XXX */ last_read_token = '\n'; *** *** 8540,8542 } #endif /* HANDLE_MULTIBYTE */ - --- 8542,8543 *** ../bash-4.3/patchlevel.h2012-12-29 10:47:57.0 -0500 --- patchlevel.h2014-03-20 20:01:28.0 -0400 *** *** 26,30 looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 25 #endif /* _PATCHLEVEL_H_ */ --- 26,30 looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 26 #endif /* _PATCHLEVEL_H_ */ -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, ITS, CWRUc...@case.eduhttp://cnswww.cns.cwru.edu/~chet/