Le 26. 09. 14 16:47, Chet Ramey a écrit :
On 9/26/14, 4:53 AM, Jean-Christian de Rivaz wrote:
Hello,
While this can seem completely obsolete, I still have machines running bash
2.05b (Debian etch). I worry about upgrading to bash 3.x because of some
backward compatibility issue.
It there any reason why there was no patch for bash 2.05b ? The test
command below show that the bug also affect this version:
j$ bash --version
GNU bash, version 2.05b.0(1)-release (i386-pc-linux-gnu)
Copyright (C) 2002 Free Software Foundation, Inc.
j$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
Here's one. Two, actually, one for each CVE.
Hi Chet,
Applied without problem and there fixed the issues, as fare as I can
test it.
$ bash --version
GNU bash, version 2.05b.0(1)-release (i386-pc-linux-gnu)
Copyright (C) 2002 Free Software Foundation, Inc.
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
Thanks you very much for those patches :-)
Best Regards,
Jean-Christian
