On 09/26/2014 11:00 PM, V S, Nagendra (Nonstop Filesystems Team) wrote: > Hi Chet, > Thanks a lot for the patch. > > The official bash patch & the patch that you posted on openwall forum seems > to be different. The official bash patch does not contain this > > *** ../bash-4.2.48/y.tab.c 2012-12-31 11:53:10.000000000 -0500 > --- y.tab.c 2014-09-25 20:23:25.000000000 -0400
y.tab.c is a generated file, and will automatically be patched IF your build environment contains a working bison. The openwall forum listed a working directory that had both the .y and generated .c file changes in one listing, although the official patch is just the minimum change. If you are worried, check that your generated .c file contains the added line. At any rate, the existing tests to tell if CVE-2014-7186 has been fixed for your particular build of bash won't lie - if those tests say you are not vulnerable to this particular aspect of ShellShock, then the patch was applied correctly. Still, please bear in mind that ShellShock has multiple heads. Read this for more details why you need more than patch 49, before you can consider yourself fully immune to ShellShock: https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00238.html -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
