> Ubuntu 14.04 has updates including one for bash so I assume that update
> fixed the issue in the subject header
I am running ubuntu / unity 14.04 with... $ bash --version
GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu)
...and I would get this response to the vulnerability check...
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
Last night I used the "Software Updater" GUI tool which updates from Ubuntu's mirror.xnet.co.nz repository and I noticed that one of the updates was for bash.
After the update the version number for bash is still the same... $ bash --version
GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu)
...However there is a change with the vulnerability check...
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
cheers,
Ian.
> To: wlug@list.waikato.ac.nz
> Date: Fri, 26 Sep 2014 09:50:44 +1200
> From: mailinglist@blahdeblah.co.nz
> Subject: Re: [wlug] Fwd: [NZLUG] ALERT: Remote code-exec in bash (CVE-2014-6271)
>
> On Thu, 25 Sep 2014 10:35:36 +1200, Peter Reutemann wrote:
> > Typo...
> >
> Yes, I got that error too.
> Ubuntu 14.04 has updates including one for bash so I assume that update
> fixed the issue in the subject header
> _______________________________________________
> wlug mailing list | wlug@list.waikato.ac.nz
> Unsubscribe: http://list.waikato.ac.nz/mailman/listinfo/wlug