*** This bug is a duplicate of bug 1373781 ***
https://bugs.launchpad.net/bugs/1373781
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-7169
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1374207
Title:
CVE-2014-7169 fix not effective on trusty
Status in “bash” package in Ubuntu:
Invalid
Status in “bash” source package in Lucid:
Fix Released
Status in “bash” source package in Precise:
Fix Released
Status in “bash” source package in Trusty:
Fix Released
Status in “bash” source package in Utopic:
Invalid
Bug description:
I can reproduce the testcase from 1373781 with bash 4.3-7ubuntu1.2 on
trusty. The patch did NOT fix it, unfortunately.
rtucker@racer-x:~$ rm -f echo && env -i X='() { (a)=>\' bash -c 'echo id';
cat echo
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
uid=1000(rtucker) gid=1000(rtucker)
groups=1000(rtucker),4(adm),6(disk),24(cdrom),27(sudo),30(dip),46(plugdev),112(lpadmin),119(sambashare)
rtucker@racer-x:~$ bash --version
GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
rtucker@racer-x:~$ apt-cache policy bash
bash:
Installed: 4.3-7ubuntu1.2
Candidate: 4.3-7ubuntu1.2
Version table:
*** 4.3-7ubuntu1.2 0
500 http://mirrors.linode.com/ubuntu/ trusty-updates/main amd64
Packages
500 http://mirrors.linode.com/ubuntu/ trusty-security/main amd64
Packages
100 /var/lib/dpkg/status
4.3-6ubuntu1 0
500 http://mirrors.linode.com/ubuntu/ trusty/main amd64 Packages
precise does seem fixed, however:
rtucker@barleywine:~$ rm -f echo && env -i X='() { (a)=>\' bash -c 'echo id';
cat echo
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
id
cat: echo: No such file or directory
rtucker@barleywine:~$ bash --version
GNU bash, version 4.2.25(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
rtucker@barleywine:~$ apt-cache policy bash
bash:
Installed: 4.2-2ubuntu2.3
Candidate: 4.2-2ubuntu2.3
Version table:
*** 4.2-2ubuntu2.3 0
500 http://mirrors.linode.com/ubuntu/ precise-updates/main amd64
Packages
500 http://mirrors.linode.com/ubuntu/ precise-security/main amd64
Packages
500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64
Packages
500 http://us.archive.ubuntu.com/ubuntu/ precise-updates/main amd64
Packages
100 /var/lib/dpkg/status
4.2-2ubuntu2 0
500 http://mirrors.linode.com/ubuntu/ precise/main amd64 Packages
500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1374207/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
