[Touch-packages] [Bug 1373781] Re: bash incomplete fix for CVE-2014-6271
Since the last update: ii bash 4.3-7ubuntu1.4 amd64 GNU Bourne Again SHell the following happen: lars@dachs:/tmp$ rm -f echo env -i X='() { (a)=\' bash -c 'echo id'; cat echo id cat: echo: No such file or directory lars@dachs:/tmp$ -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1373781 Title: bash incomplete fix for CVE-2014-6271 Status in “bash” package in Ubuntu: Fix Released Status in “bash” source package in Lucid: Fix Released Status in “bash” source package in Precise: Fix Released Status in “bash” source package in Trusty: Fix Released Status in “bash” source package in Utopic: Fix Released Bug description: The fixes for CVE-2014-6271 do NOT work! Security vuln, but should be public, this is known already. Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.1 Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.2 Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.1 Testcase: rm -f echo env -i X='() { (a)=\' bash -c 'echo id'; cat echo expected output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' id actual output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' uid=0(root) gid=0(root) groups=0(root) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1373781] Re: bash incomplete fix for CVE-2014-6271
Maybe this helps others to verify: https://raw.githubusercontent.com/hannob/bashcheck/master/bashcheck lars@dachs:~$ ./bashcheck Not vulnerable to CVE-2014-6271 (original shellshock) Not vulnerable to CVE-2014-7169 (taviso bug) Not vulnerable to CVE-2014-7186 (redir_stack bug) Test for CVE-2014-7187 not reliable without address sanitizer Variable function parser inactive, likely safe from unknown parser bugs ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-6271 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-7186 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-7187 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1373781 Title: bash incomplete fix for CVE-2014-6271 Status in “bash” package in Ubuntu: Fix Released Status in “bash” source package in Lucid: Fix Released Status in “bash” source package in Precise: Fix Released Status in “bash” source package in Trusty: Fix Released Status in “bash” source package in Utopic: Fix Released Bug description: The fixes for CVE-2014-6271 do NOT work! Security vuln, but should be public, this is known already. Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.1 Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.2 Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.1 Testcase: rm -f echo env -i X='() { (a)=\' bash -c 'echo id'; cat echo expected output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' id actual output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' uid=0(root) gid=0(root) groups=0(root) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1373781] Re: bash incomplete fix for CVE-2014-6271
Thank you for the reply Marc Simon. Unfortunately this isn't due to a leftover file. spyros@prod01:~# env X='() { (a)=\' bash -c echo date; cat echo bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' Fri Sep 26 12:14:15 PDT 2014 spyros@prod01:~# rm echo spyros@prod01:~# env X='() { (a)=\' bash -c echo date; cat echo bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' Fri Sep 26 12:15:24 PDT 2014 The only difference between the working and non-working version that I spot, is the -i argument to env, but I'm not sure why/how the empty environment would affect this. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1373781 Title: bash incomplete fix for CVE-2014-6271 Status in “bash” package in Ubuntu: Fix Released Status in “bash” source package in Lucid: Fix Released Status in “bash” source package in Precise: Fix Released Status in “bash” source package in Trusty: Fix Released Status in “bash” source package in Utopic: Fix Released Bug description: The fixes for CVE-2014-6271 do NOT work! Security vuln, but should be public, this is known already. Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.1 Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.2 Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.1 Testcase: rm -f echo env -i X='() { (a)=\' bash -c 'echo id'; cat echo expected output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' id actual output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' uid=0(root) gid=0(root) groups=0(root) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1373781] Re: bash incomplete fix for CVE-2014-6271
** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-6271 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1373781 Title: bash incomplete fix for CVE-2014-6271 Status in “bash” package in Ubuntu: Fix Released Status in “bash” source package in Lucid: Fix Released Status in “bash” source package in Precise: Fix Released Status in “bash” source package in Trusty: Fix Released Status in “bash” source package in Utopic: Fix Released Bug description: The fixes for CVE-2014-6271 do NOT work! Security vuln, but should be public, this is known already. Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.1 Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.2 Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.1 Testcase: rm -f echo env -i X='() { (a)=\' bash -c 'echo id'; cat echo expected output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' id actual output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' uid=0(root) gid=0(root) groups=0(root) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1373781] Re: bash incomplete fix for CVE-2014-6271
This bug was fixed in the package bash - 4.3-9ubuntu3 --- bash (4.3-9ubuntu3) utopic; urgency=medium * SECURITY UPDATE: incomplete fix for CVE-2014-6271 (LP: #1373781) - debian/patches/CVE-2014-7169.diff: fix logic in parse.y and y.tab.c. - CVE-2014-7169 -- Marc Deslauriers marc.deslauri...@ubuntu.com Thu, 25 Sep 2014 21:43:10 -0400 ** Changed in: bash (Ubuntu Utopic) Status: In Progress = Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-6271 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1373781 Title: bash incomplete fix for CVE-2014-6271 Status in “bash” package in Ubuntu: Fix Released Status in “bash” source package in Lucid: Fix Released Status in “bash” source package in Precise: Fix Released Status in “bash” source package in Trusty: Fix Released Status in “bash” source package in Utopic: Fix Released Bug description: The fixes for CVE-2014-6271 do NOT work! Security vuln, but should be public, this is known already. Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.1 Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.2 Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.1 Testcase: rm -f echo env -i X='() { (a)=\' bash -c 'echo id'; cat echo expected output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' id actual output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' uid=0(root) gid=0(root) groups=0(root) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1373781] Re: bash incomplete fix for CVE-2014-6271
@dino99: both your test cases look good to me. What results were you expecting? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1373781 Title: bash incomplete fix for CVE-2014-6271 Status in “bash” package in Ubuntu: Fix Released Status in “bash” source package in Lucid: Fix Released Status in “bash” source package in Precise: Fix Released Status in “bash” source package in Trusty: Fix Released Status in “bash” source package in Utopic: Fix Released Bug description: The fixes for CVE-2014-6271 do NOT work! Security vuln, but should be public, this is known already. Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.1 Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.2 Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.1 Testcase: rm -f echo env -i X='() { (a)=\' bash -c 'echo id'; cat echo expected output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' id actual output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' uid=0(root) gid=0(root) groups=0(root) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1373781] Re: bash incomplete fix for CVE-2014-6271
@Marc its only a feedback, and i only see that warning. if you think its ok, i'm ok too (no skill on my side for commenting) as i've reported an other bug about that 'warning' thing, i'm closing it too. Thanks for the answer -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1373781 Title: bash incomplete fix for CVE-2014-6271 Status in “bash” package in Ubuntu: Fix Released Status in “bash” source package in Lucid: Fix Released Status in “bash” source package in Precise: Fix Released Status in “bash” source package in Trusty: Fix Released Status in “bash” source package in Utopic: Fix Released Bug description: The fixes for CVE-2014-6271 do NOT work! Security vuln, but should be public, this is known already. Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.1 Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.2 Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.1 Testcase: rm -f echo env -i X='() { (a)=\' bash -c 'echo id'; cat echo expected output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' id actual output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' uid=0(root) gid=0(root) groups=0(root) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1373781] Re: bash incomplete fix for CVE-2014-6271
Some additional feedback from 14.04 (using latest 4.3-7ubuntu1.3): spyros@prod01:~# env -i X='() { (a)=\' bash -c 'echo date' bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' date spyros@prod01:~# env X='() { (a)=\' bash -c echo date; cat echo bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' Fri Sep 26 12:13:33 PDT 2014 I apologize if this is a stupid question, but why is it that the second case still works? Doesn't this mean that the system is still vulnerable to CVE-2014-7169? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1373781 Title: bash incomplete fix for CVE-2014-6271 Status in “bash” package in Ubuntu: Fix Released Status in “bash” source package in Lucid: Fix Released Status in “bash” source package in Precise: Fix Released Status in “bash” source package in Trusty: Fix Released Status in “bash” source package in Utopic: Fix Released Bug description: The fixes for CVE-2014-6271 do NOT work! Security vuln, but should be public, this is known already. Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.1 Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.2 Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.1 Testcase: rm -f echo env -i X='() { (a)=\' bash -c 'echo id'; cat echo expected output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' id actual output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' uid=0(root) gid=0(root) groups=0(root) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1373781] Re: bash incomplete fix for CVE-2014-6271
do you perhaps have a left-over file called 'echo' in that directory? If so, you need to delete it before running the test. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1373781 Title: bash incomplete fix for CVE-2014-6271 Status in “bash” package in Ubuntu: Fix Released Status in “bash” source package in Lucid: Fix Released Status in “bash” source package in Precise: Fix Released Status in “bash” source package in Trusty: Fix Released Status in “bash” source package in Utopic: Fix Released Bug description: The fixes for CVE-2014-6271 do NOT work! Security vuln, but should be public, this is known already. Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.1 Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.2 Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.1 Testcase: rm -f echo env -i X='() { (a)=\' bash -c 'echo id'; cat echo expected output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' id actual output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' uid=0(root) gid=0(root) groups=0(root) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1373781] Re: bash incomplete fix for CVE-2014-6271
On 09/26/2014 03:49 PM, Spyros wrote: spyros@prod01:~# env X='() { (a)=\' bash -c echo date; cat echo bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' Fri Sep 26 12:13:33 PDT 2014 I apologize if this is a stupid question, but why is it that the second case still works? Doesn't this mean that the system is still vulnerable to CVE-2014-7169? Maybe you had a leftover file named echo in root's home? If yes, remove it and retest. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1373781 Title: bash incomplete fix for CVE-2014-6271 Status in “bash” package in Ubuntu: Fix Released Status in “bash” source package in Lucid: Fix Released Status in “bash” source package in Precise: Fix Released Status in “bash” source package in Trusty: Fix Released Status in “bash” source package in Utopic: Fix Released Bug description: The fixes for CVE-2014-6271 do NOT work! Security vuln, but should be public, this is known already. Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.1 Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.2 Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.1 Testcase: rm -f echo env -i X='() { (a)=\' bash -c 'echo id'; cat echo expected output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' id actual output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' uid=0(root) gid=0(root) groups=0(root) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1373781] Re: bash incomplete fix for CVE-2014-6271
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: bash (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1373781 Title: bash incomplete fix for CVE-2014-6271 Status in “bash” package in Ubuntu: Confirmed Bug description: The fixes for CVE-2014-6271 do NOT work! Security vuln, but should be public, this is known already. Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.1 Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.2 Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.1 Testcase: rm -f echo env -i X='() { (a)=\' bash -c 'echo id'; cat echo expected output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' id actual output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' uid=0(root) gid=0(root) groups=0(root) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1373781] Re: bash incomplete fix for CVE-2014-6271
Re the above: the patch was *not* correctly applied in trusty package bash_4.3-7ubuntu1.2. lucid package bash_4.3-7ubuntu1.2 appears to have been upgraded fine, and handles the test case correctly. harry@mars:~$ md5sum Downloads/bash_4.3-7ubuntu1.1_amd64/bin/bash Downloads/bash_4.3-7ubuntu1.2_amd64/bin/bash 3c263963be49239e113a5794d54b732a Downloads/bash_4.3-7ubuntu1.1_amd64/bin/bash 3c263963be49239e113a5794d54b732a Downloads/bash_4.3-7ubuntu1.2_amd64/bin/bash harry@mars:~$ md5sum Downloads/bash_4.2-2ubuntu2.2_amd64/bin/bash Downloads/bash_4.2-2ubuntu2.3_amd64/bin/bash d63ff62f142e76205e89e4a4de553fec Downloads/bash_4.2-2ubuntu2.2_amd64/bin/bash 5ee533c7cd3a8246b4a3d7a29ffbe0b2 Downloads/bash_4.2-2ubuntu2.3_amd64/bin/bash harry@mars:~$ env -i PATH=Downloads/bash_4.2-2ubuntu2.3_amd64/bin:$PATH X='() { (a)=\' bash -c 'echo date'; cat echo bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' date cat: echo: No such file or directory -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1373781 Title: bash incomplete fix for CVE-2014-6271 Status in “bash” package in Ubuntu: Confirmed Bug description: The fixes for CVE-2014-6271 do NOT work! Security vuln, but should be public, this is known already. Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.1 Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.2 Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.1 Testcase: rm -f echo env -i X='() { (a)=\' bash -c 'echo id'; cat echo expected output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' id actual output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' uid=0(root) gid=0(root) groups=0(root) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1373781] Re: bash incomplete fix for CVE-2014-6271
Hi, Red Hat released new packages at https://rhn.redhat.com/errata/RHSA-2014-1306.html, that include fix for CVE-2014-7169, and they fixed with another way, and another problems (OOB memory access). We can investigate from RH SRPM, http://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bash-4.1.2-15.el6_5.2.src.rpm IMHO, Red Hat fix included 3 patches. - bash-4.2-cve-2014-7169-0.patch : parser bug fix-A for CVE-2014-7169 (same as http://seclists.org/oss-sec/2014/q3/685 ) - bash-4.2-cve-2014-7169-1.patch : introduce variable isolation in function import situation. another fix for CVE-2014-7169. this is new patch. - bash-4.2-cve-2014-7169-2.patch : OOB memory access(new problem) fix. They probosed these new patches at http://www.openwall.com/lists/oss- security/2014/09/25/32 . I make a proposition about that, could we apply these new patches? or they are not important? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1373781 Title: bash incomplete fix for CVE-2014-6271 Status in “bash” package in Ubuntu: In Progress Status in “bash” source package in Lucid: Fix Released Status in “bash” source package in Precise: Fix Released Status in “bash” source package in Trusty: In Progress Status in “bash” source package in Utopic: In Progress Bug description: The fixes for CVE-2014-6271 do NOT work! Security vuln, but should be public, this is known already. Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.1 Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.2 Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.1 Testcase: rm -f echo env -i X='() { (a)=\' bash -c 'echo id'; cat echo expected output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' id actual output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' uid=0(root) gid=0(root) groups=0(root) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1373781] Re: bash incomplete fix for CVE-2014-6271
Fumihito YOSHIDA (hito), We are awaiting comments from the upstream bash developer about the OOB memory fixes, and the variable isolation hardening. We will address those in a later bash update. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1373781 Title: bash incomplete fix for CVE-2014-6271 Status in “bash” package in Ubuntu: In Progress Status in “bash” source package in Lucid: Fix Released Status in “bash” source package in Precise: Fix Released Status in “bash” source package in Trusty: Fix Released Status in “bash” source package in Utopic: In Progress Bug description: The fixes for CVE-2014-6271 do NOT work! Security vuln, but should be public, this is known already. Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.1 Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.2 Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.1 Testcase: rm -f echo env -i X='() { (a)=\' bash -c 'echo id'; cat echo expected output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' id actual output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' uid=0(root) gid=0(root) groups=0(root) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1373781] Re: bash incomplete fix for CVE-2014-6271
** Branch linked: lp:ubuntu/trusty-security/bash -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1373781 Title: bash incomplete fix for CVE-2014-6271 Status in “bash” package in Ubuntu: In Progress Status in “bash” source package in Lucid: Fix Released Status in “bash” source package in Precise: Fix Released Status in “bash” source package in Trusty: Fix Released Status in “bash” source package in Utopic: In Progress Bug description: The fixes for CVE-2014-6271 do NOT work! Security vuln, but should be public, this is known already. Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.1 Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.2 Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.1 Testcase: rm -f echo env -i X='() { (a)=\' bash -c 'echo id'; cat echo expected output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' id actual output: bash: X: line 1: syntax error near unexpected token `=' bash: X: line 1: `' bash: error importing function definition for `X' uid=0(root) gid=0(root) groups=0(root) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp