[Bug 1374207] Re: CVE-2014-7169 fix not effective on trusty

2014-09-27 Thread Mathew Hodson
*** This bug is a duplicate of bug 1373781 *** https://bugs.launchpad.net/bugs/1373781 ** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-7169 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launc

[Bug 1374207] Re: CVE-2014-7169 fix not effective on trusty

2014-09-27 Thread Mathew Hodson
*** This bug is a duplicate of bug 1373781 *** https://bugs.launchpad.net/bugs/1373781 ** This bug has been marked a duplicate of bug 1373781 bash incomplete fix for CVE-2014-6271

[Bug 1374207] Re: CVE-2014-7169 fix not effective on trusty

2014-09-26 Thread Thomas Muthmann
Hi Seth, thanks for figuring this out so fast. I did indeed have a 0-byte file /root/echo from an earlier test. So my entry #8 can be discarded. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1374207

[Bug 1374207] Re: CVE-2014-7169 fix not effective on trusty

2014-09-26 Thread Seth Arnold
Thomas, I'm not sure about your test -- there is a /bin/echo in the filesystem (from the coreutils package) so checking for a file named 'echo' in that directory is not indicative of any attack. I suspect you also have a /root/echo file, perhaps left over from earlier testing. If you do, please del

[Bug 1374207] Re: CVE-2014-7169 fix not effective on trusty

2014-09-26 Thread Thomas Muthmann
Fix does not work in every directory

Using Trusty and 4.3-7ubuntu1.3

    sudo -i
    cd /root
    X='() { function a a>\' bash -c echo; [ -e echo ] && echo "hacked"
    bash: X: line 1: syntax error near unexpected token `a'
    bash: X: line 1: `'
    bash: error importing function definition for `X'
    hacked
    cd /bin

[Bug 1374207] Re: CVE-2014-7169 fix not effective on trusty

2014-09-25 Thread Mathew Hodson
Bug #1373781 is the one listed on the CVE page, http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7169

[Bug 1374207] Re: CVE-2014-7169 fix not effective on trusty

2014-09-25 Thread Marc Deslauriers
** Changed in: bash (Ubuntu Utopic) Status: In Progress => Invalid

[Bug 1374207] Re: CVE-2014-7169 fix not effective on trusty

2014-09-25 Thread Mathew Hodson
Should we mark this report as a duplicate of bug #1373781?

[Bug 1374207] Re: CVE-2014-7169 fix not effective on trusty

2014-09-25 Thread Launchpad Bug Tracker
** Branch linked: lp:ubuntu/trusty-security/bash

[Bug 1374207] Re: CVE-2014-7169 fix not effective on trusty

2014-09-25 Thread Launchpad Bug Tracker
This bug was fixed in the package bash - 4.3-7ubuntu1.3

---
bash (4.3-7ubuntu1.3) trusty-security; urgency=medium

  * Updated debian/patches/CVE-2014-7169.diff to also patch y.tab.c in case it doesn't get regenerated when built (LP: #1374207)

 -- Marc Deslauriers Thu, 25 Sep 20

[Bug 1374207] Re: CVE-2014-7169 fix not effective on trusty

2014-09-25 Thread Marc Deslauriers
There was a build issue with the Ubuntu 14.04 package, and I am in the process of fixing it now. An update will be released within the hour. The other releases should be ok. ** Changed in: bash (Ubuntu) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Also affects: bash (Ubuntu Luci

[Bug 1374207] Re: CVE-2014-7169 fix not effective on trusty

2014-09-25 Thread Harry Willis
As per comment #5 on bug #1373781, the executables appear not to have been updated to their patched versions (forgot to recompile, I guess?) before the packages were generated. Appears to be the case for all bash and bash-static packages of the 4.3-7ubuntu1.2 ilk.

[Bug 1374207] Re: CVE-2014-7169 fix not effective on trusty

2014-09-25 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: bash (Ubuntu) Status: New => Confirmed

[Bug 1374207] Re: CVE-2014-7169 fix not effective on trusty

2014-09-25 Thread Ryan Tucker
This has been commented publicly on bug #1373781, and is also becoming common knowledge on IRC. Switching bug visibility to Public. ** Information type changed from Private Security to Public Security