On 25/09/2014 13:08, Carl Brewer wrote:
On 25/09/2014 6:50 PM, Alexander Pyhalov wrote:
On 09/25/2014 12:46, Udo Grabowski (IMK) wrote:
On 25/09/2014 10:42, Jonathan Adams wrote:
http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
The bug "works", so we are affected with everything that
is based on bash, as well as all users using bash in their
projects.
This is a bug with high impact and risks, so a fix should be
available for oi dev and hipster as fast as possible.
Hello.
I've seen fix for CVE-2014-6271, which I've already committed, but not
for CVE-2014-7169...
I'm stuck on 151a8 at the moment, is there any chance a fixed bash
binary could be made available somewhere?
Recent discussions seem to lead to a general security concern
with the crippled bash parser, so there nearly certainly will
be more and more security issues in the next days to come up.
I think the better alternative is to provide 'dash' and symlink
bash to dash instead, as dash much cleaner, faster, and POSIX -
compliant. Although, as it has not been widely used as bash
yet, could have its own bugs not yet discovered....
--
Dr.Udo Grabowski Inst.f.Meteorology & Climate Research IMK-ASF-SAT
http://www.imk-asf.kit.edu/english/sat.php
KIT - Karlsruhe Institute of Technology http://www.kit.edu
Postfach 3640,76021 Karlsruhe,Germany T:(+49)721 608-26026 F:-926026
_______________________________________________
openindiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
