[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Ltib] patch for Bash bug
|
From: |
Mike Goins |
|
Subject: |
Re: [Ltib] patch for Bash bug |
|
Date: |
Fri, 3 Oct 2014 05:50:57 -0400 |
FYI, something converted the line endings to dos format. md5sum
failed and strange errors on the spec file processing. All OK after
running dos2unix.
On Wed, Oct 1, 2014 at 10:02 AM, Peter Barada <address@hidden> wrote:
> On 09/30/2014 05:18 PM, Peter Barada wrote:
>
> On 09/30/2014 04:06 PM, Todd Sampson wrote:
>
> Is there a patch available for Bash? I notice most of the tools in my /bin
> are linked to Busybox except for Bash.
>
>
> _______________________________________________
> LTIB home page: http://ltib.org
>
> Ltib mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/ltib
>
> I've got one I'll send out tomorrow as a tarball (since it kicks bash up to
> the latest version with patches 001-025).
>
> Since I can't send the bash tarball through email due to size, grab the
> bash-4.3 tarball from http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz and place
> it (and the attached patch and md5 files) in your LPP (local package pool in
> /opt/ltib/pkgs), and also replace dist/lfs-5.1/bash/bash.spec with the
> attached bash.spec.
>
> Execute "./ltib -p bash" and you'll end up with bash updated to version
> 4.3.25(1) which passes the Shellshock bug test:
>
> $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>
> See http://www.kb.cert.org/vuls/id/252743 for information on the Shellshock
> bug.
>
>
> --
> Peter Barada
> address@hidden
>
>
> _______________________________________________
> LTIB home page: http://ltib.org
>
> Ltib mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/ltib
>